Skip to main content
SpringerLink
Log in

A Methodological Approach to Verify Architecture Resiliency

  • Conference paper
  • First Online:
Software Architecture. ECSA 2022 Tracks and Workshops (ECSA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13928))

Included in the following conference series:

Abstract

Architecture-first approach to address software resiliency is becoming the mainstream development method for mission-critical and software-intensive systems. In such approach, resiliency is built into the system from the ground up, starting with a robust software architecture design. As a result, a flaw in the design of a resilient architecture affects the system’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber-resources. In this paper, we present an architecture-centric reasoning and verification methodology for detecting design weaknesses in resilient systems. Our goal is to assist software architects in building sound architectural models of their systems. We showcase our approach with the aid of an Autonomous Robot modeled in AADL, in which we use our methodology to uncover three architectural weaknesses in the adoption of three architectural tactics.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Due to space constraints, we do not show the definitions for all sub-claims.

References

  1. SPEculative and Exporatory Design in System engineering. http://www.speeds.eu.com/

  2. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 3rd edn. Addison-Wesley Professional (2012)

    Google Scholar 

  3. Berger, B.J., Sohr, K., Koschke, R.: Extracting and analyzing the implemented security architecture of business applications. In: 17th European Conference on Software Maintenance and Reengineering (CSMR), pp. 285–294. IEEE (2013). https://doi.org/10.1109/CSMR.2013.37

  4. Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56–71. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30806-7_4

    Chapter  Google Scholar 

  5. Bodeau, D., Graubart, R.: Cyber resiliency design principles. MITRE (2017)

    Google Scholar 

  6. Bodeveix, J.P., Filali, M., Garnacho, M., Spadotti, R., Yang, Z.: Towards a verified transformation from AADL to the formal component-based language FIACRE. Sci. Comput. Program. 106, 30–53 (2015)

    Article  Google Scholar 

  7. Booch, G.: The economics of architecture-first. IEEE Softw. 24(5), 18–20 (2007). https://doi.org/10.1109/MS.2007.146

    Article  Google Scholar 

  8. Cechticky, V., Montalto, G., Pasetti, A., Salerno, N.: The AOCS framework. European Space Agency-Publications-ESA SP 516, 535–540 (2003)

    Google Scholar 

  9. Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.: Extending AADL for security design assurance of cyber-physical systems. Technical report, CMU/SEI-2015-TR-014, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2015). http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=449510

  10. Feiler, P.H., Gluch, D., McGregor, J.D.: An architecture-led safety analysis method. In: 8th European Congress on Embedded Real Time Software and Systems (ERTS 2016) (2016)

    Google Scholar 

  11. Feiler, P.H., Gluch, D.P.: Model-Based Engineering with AADL: An Introduction to the SAE Architecture Analysis & Design Language. Addison-Wesley (2012)

    Google Scholar 

  12. Feiler, P.H., Gluch, D.P., Hudak, J.J.: The architecture analysis & design language (AADL): an introduction. Technical report, SEI (2006). https://doi.org/10.1184/R1/6584909.v1

  13. Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.: Resolute: an assurance case language for architecture models. In: Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology, pp. 19–28. ACM, New York (2014)

    Google Scholar 

  14. Goldman, H.G.: Building secure, resilient architectures for cyber mission assurance. Technical report, The MITRE Corporation (2010)

    Google Scholar 

  15. Hanmer, R.: Patterns for Fault Tolerant Software. Wiley Series in Software Design Patterns (2007)

    Google Scholar 

  16. Heyman, T., Scandariato, R., Joosen, W.: Reusable formal models for secure software architectures. In: 2012 Joint Working IEEE/IFIP Conference on Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), pp. 41–50. IEEE (2012)

    Google Scholar 

  17. Hugues, J.: AADLib: a library of reusable AADL models. Technical report, SAE Technical Paper (2013)

    Google Scholar 

  18. Hukerikar, S., Engelmann, C.: Resilience design patterns: a structured approach to resilience at extreme scale. arXiv preprint arXiv:1708.07422 (2017)

  19. IEEE Center for Secure Design: Avoiding the top 10 software security design flaws (2015). https://ieeecs-media.computer.org/media/technical-activities/CYBSI/docs/Top-10-Flaws.pdf. Accessed 10 June 2016

  20. Johnsen, A., Lundqvist, K., Pettersson, P., Jaradat, O.: Automated verification of AADL-specifications using UPPAAL. In: Proceedings of the 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering, HASE 2012, USA, pp. 130–138. IEEE Computer Society (2012)

    Google Scholar 

  21. Kazman, R., et al.: A case study in locating the architectural roots of technical debt. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 2, pp. 179–188 (2015)

    Google Scholar 

  22. Kazman, R., Klein, M., Clements, P.: ATAM: a method for architecture evaluation. Software Engineering Institute (2000)

    Google Scholar 

  23. Kim, S., Kim, D.K., Lu, L., Park, S.Y.: A tactic-based approach to embodying non-functional requirements into software architectures. In: 2008 12th International IEEE Enterprise Distributed Object Computing Conference, pp. 139–148 (2008)

    Google Scholar 

  24. Mirakhorli, M., Cleland-Huang, J.: Using tactic traceability information models to reduce the risk of architectural degradation during system maintenance. In: Proceedings of the 2011 27th IEEE International Conference on Software Maintenance, ICSM 2011, Washington, DC, USA, pp. 123–132. IEEE Computer Society (2011)

    Google Scholar 

  25. Mirakhorli, M., Cleland-Huang, J.: Detecting, tracing, and monitoring architectural tactics in code. IEEE Trans. Softw. Eng. 42(3), 205–220 (2015)

    Article  Google Scholar 

  26. Mirakhorli, M., Shin, Y., Cleland-Huang, J., Cinar, M.: A tactic-centric approach for automating traceability of quality concerns. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012. IEEE Press (2012)

    Google Scholar 

  27. Munoz, M.: Space systems modeling using the architecture analysis & design language (AADL). In: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 97–98. IEEE (2013)

    Google Scholar 

  28. Santos, J.C.S., Tarrit, K., Mirakhorli, M.: A catalog of security architecture weaknesses. In: 2017 IEEE International Conference on Software Architecture Workshops (ICSAW), pp. 220–223, April 2017

    Google Scholar 

  29. Santos, J.C.S., Suloglu, S., Ye, J., Mirakhorli, M.: Towards an automated approach for detecting architectural weaknesses in critical systems, pp. 250–253. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3387940.3392222

  30. Sion, L., Tuma, K., Scandariato, R., Yskout, K., Joosen, W.: Towards automated security design flaw detection. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW). IEEE (2019)

    Google Scholar 

  31. Stewart, D., Whalen, M.W., Cofer, D., Heimdahl, M.P.E.: Architectural modeling and analysis for safety engineering. In: Bozzano, M., Papadopoulos, Y. (eds.) IMBSA 2017. LNCS, vol. 10437, pp. 97–111. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64119-5_7

    Chapter  Google Scholar 

  32. Tuma, K., Sion, L., Scandariato, R., Yskout, K.: Automating the early detection of security design flaws. In: Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, pp. 332–342 (2020)

    Google Scholar 

  33. Vanciu, R., Abi-Antoun, M.: Finding architectural flaws in Android apps is easy. In: Proceedings of the 2013 Companion Publication for Conference on Systems, Programming, & Applications: Software for Humanity, SPLASH 2013, pp. 21–22 (2013)

    Google Scholar 

Download references

Acknowledgement

This work is partially supported by Defense Advanced Research Projects Agency (DARPA) under award number: 006376-002.

Author information

Authors and Affiliations

  1. University of Notre Dame, Notre Dame, IN, 46556, USA

    Joanna C. S. Santos

  2. Atilim University, Ankara, Turkey

    Selma Suloglu

  3. Rochester Institute of Technology, Rochester, NY, 14623, USA

    Néstor Cataño & Mehdi Mirakhorli

Authors
  1. Joanna C. S. Santos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Selma Suloglu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Néstor Cataño
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mehdi Mirakhorli
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Joanna C. S. Santos or Mehdi Mirakhorli .

Editor information

Editors and Affiliations

  1. Federal University of Rio Grande do Norte, Natal, Brazil

    Thais Batista

  2. Charles University, Prague, Czech Republic

    Tomáš Bureš

  3. Vrije Universiteit Amsterdam, Amsterdam, The Netherlands

    Claudia Raibulet

  4. University of L’Aquila, L’Aquila, Italy

    Henry Muccini

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Santos, J.C.S., Suloglu, S., Cataño, N., Mirakhorli, M. (2023). A Methodological Approach to Verify Architecture Resiliency. In: Batista, T., Bureš, T., Raibulet, C., Muccini, H. (eds) Software Architecture. ECSA 2022 Tracks and Workshops. ECSA 2022. Lecture Notes in Computer Science, vol 13928. Springer, Cham. https://doi.org/10.1007/978-3-031-36889-9_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-36889-9_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36888-2

  • Online ISBN: 978-3-031-36889-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation