Supporting Security Sensitive Architecture Design

  • Conference paper
  • In: Quality of Software Architectures and Software Quality (QoSA 2005, SOQUA 2005)

Abstract

Security is an important quality attribute required in many software-intensive systems. However, software development methodologies do not provide sufficient support to address security-related issues. Furthermore, the majority of software designers do not have adequate expertise in the security domain. Thus, security is often treated as an add-on to the designed architecture. Such ad hoc practices for dealing with security issues can result in a system that is vulnerable to different types of attacks. The security community has discovered several security-sensitive design patterns, which can be used to compose a security-sensitive architecture. However, there is little awareness about the relationship between security and software architecture. Our research has identified several security patterns along with the properties that can be achieved through those patterns. This paper presents those patterns and properties in a framework that can provide appropriate support to address security-related issues during architecture processes.


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Babar, M.A., Wang, X., Gorton, I. (2005). Supporting Security Sensitive Architecture Design. In: Reussner, R., Mayer, J., Stafford, J.A., Overhage, S., Becker, S., Schroeder, P.J. (eds) Quality of Software Architectures and Software Quality. QoSA SOQUA 2005 2005. Lecture Notes in Computer Science, vol 3712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11558569_11

  • DOI: https://doi.org/10.1007/11558569_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29033-9

  • Online ISBN: 978-3-540-32056-2

  • eBook Packages: Computer Science, Computer Science (R0)
