Abstract
Many claim that software systems must be designed for security. This, however, is far from an easy task, especially for complex systems. We believe that this difficulty can be alleviated by a set of (preferably rigorous) principles. We propose an architectural style, the Dual Protection Style (DPS), for constructing secure software. This style results from our experience in designing and implementing a distributed, multi-user, medium-sized application. We demonstrate the applicability and effectiveness of the DPS style through a case study of Motion, a distributed software platform for virtual and mobile team collaboration. We further elaborate on the description of this architectural style, its formalization, and the formal verification of some of its properties.
This work is supported by the European Commission in the Framework of the IST Program, Key Action II on New Methods of Work and eCommerce. Project number: IST-1999-11400 Motion (MObile Teamwork Infrastructure for Organizations Networking).
© 2002 Springer-Verlag Berlin Heidelberg
Fenkam, P., Gall, H., Jazayeri, M., Kruegel, C. (2002). DPS: An Architectural Style for Development of Secure Software. In: Davida, G., Frankel, Y., Rees, O. (eds) Infrastructure Security. InfraSec 2002. Lecture Notes in Computer Science, vol 2437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45831-X_13
DOI: https://doi.org/10.1007/3-540-45831-X_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44309-4
Online ISBN: 978-3-540-45831-9