Abstract
Architecture-first approach to address software resiliency is becoming the mainstream development method for mission-critical and software-intensive systems. In such approach, resiliency is built into the system from the ground up, starting with a robust software architecture design. As a result, a flaw in the design of a resilient architecture affects the system’s ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber-resources. In this paper, we present an architecture-centric reasoning and verification methodology for detecting design weaknesses in resilient systems. Our goal is to assist software architects in building sound architectural models of their systems. We showcase our approach with the aid of an Autonomous Robot modeled in AADL, in which we use our methodology to uncover three architectural weaknesses in the adoption of three architectural tactics.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Due to space constraints, we do not show the definitions for all sub-claims.
References
SPEculative and Exporatory Design in System engineering. http://www.speeds.eu.com/
Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 3rd edn. Addison-Wesley Professional (2012)
Berger, B.J., Sohr, K., Koschke, R.: Extracting and analyzing the implemented security architecture of business applications. In: 17th European Conference on Software Maintenance and Reengineering (CSMR), pp. 285–294. IEEE (2013). https://doi.org/10.1109/CSMR.2013.37
Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56–71. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30806-7_4
Bodeau, D., Graubart, R.: Cyber resiliency design principles. MITRE (2017)
Bodeveix, J.P., Filali, M., Garnacho, M., Spadotti, R., Yang, Z.: Towards a verified transformation from AADL to the formal component-based language FIACRE. Sci. Comput. Program. 106, 30–53 (2015)
Booch, G.: The economics of architecture-first. IEEE Softw. 24(5), 18–20 (2007). https://doi.org/10.1109/MS.2007.146
Cechticky, V., Montalto, G., Pasetti, A., Salerno, N.: The AOCS framework. European Space Agency-Publications-ESA SP 516, 535–540 (2003)
Ellison, R., Householder, A., Hudak, J., Kazman, R., Woody, C.: Extending AADL for security design assurance of cyber-physical systems. Technical report, CMU/SEI-2015-TR-014, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2015). http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=449510
Feiler, P.H., Gluch, D., McGregor, J.D.: An architecture-led safety analysis method. In: 8th European Congress on Embedded Real Time Software and Systems (ERTS 2016) (2016)
Feiler, P.H., Gluch, D.P.: Model-Based Engineering with AADL: An Introduction to the SAE Architecture Analysis & Design Language. Addison-Wesley (2012)
Feiler, P.H., Gluch, D.P., Hudak, J.J.: The architecture analysis & design language (AADL): an introduction. Technical report, SEI (2006). https://doi.org/10.1184/R1/6584909.v1
Gacek, A., Backes, J., Cofer, D., Slind, K., Whalen, M.: Resolute: an assurance case language for architecture models. In: Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology, pp. 19–28. ACM, New York (2014)
Goldman, H.G.: Building secure, resilient architectures for cyber mission assurance. Technical report, The MITRE Corporation (2010)
Hanmer, R.: Patterns for Fault Tolerant Software. Wiley Series in Software Design Patterns (2007)
Heyman, T., Scandariato, R., Joosen, W.: Reusable formal models for secure software architectures. In: 2012 Joint Working IEEE/IFIP Conference on Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), pp. 41–50. IEEE (2012)
Hugues, J.: AADLib: a library of reusable AADL models. Technical report, SAE Technical Paper (2013)
Hukerikar, S., Engelmann, C.: Resilience design patterns: a structured approach to resilience at extreme scale. arXiv preprint arXiv:1708.07422 (2017)
IEEE Center for Secure Design: Avoiding the top 10 software security design flaws (2015). https://ieeecs-media.computer.org/media/technical-activities/CYBSI/docs/Top-10-Flaws.pdf. Accessed 10 June 2016
Johnsen, A., Lundqvist, K., Pettersson, P., Jaradat, O.: Automated verification of AADL-specifications using UPPAAL. In: Proceedings of the 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering, HASE 2012, USA, pp. 130–138. IEEE Computer Society (2012)
Kazman, R., et al.: A case study in locating the architectural roots of technical debt. In: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, vol. 2, pp. 179–188 (2015)
Kazman, R., Klein, M., Clements, P.: ATAM: a method for architecture evaluation. Software Engineering Institute (2000)
Kim, S., Kim, D.K., Lu, L., Park, S.Y.: A tactic-based approach to embodying non-functional requirements into software architectures. In: 2008 12th International IEEE Enterprise Distributed Object Computing Conference, pp. 139–148 (2008)
Mirakhorli, M., Cleland-Huang, J.: Using tactic traceability information models to reduce the risk of architectural degradation during system maintenance. In: Proceedings of the 2011 27th IEEE International Conference on Software Maintenance, ICSM 2011, Washington, DC, USA, pp. 123–132. IEEE Computer Society (2011)
Mirakhorli, M., Cleland-Huang, J.: Detecting, tracing, and monitoring architectural tactics in code. IEEE Trans. Softw. Eng. 42(3), 205–220 (2015)
Mirakhorli, M., Shin, Y., Cleland-Huang, J., Cinar, M.: A tactic-centric approach for automating traceability of quality concerns. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012. IEEE Press (2012)
Munoz, M.: Space systems modeling using the architecture analysis & design language (AADL). In: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 97–98. IEEE (2013)
Santos, J.C.S., Tarrit, K., Mirakhorli, M.: A catalog of security architecture weaknesses. In: 2017 IEEE International Conference on Software Architecture Workshops (ICSAW), pp. 220–223, April 2017
Santos, J.C.S., Suloglu, S., Ye, J., Mirakhorli, M.: Towards an automated approach for detecting architectural weaknesses in critical systems, pp. 250–253. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3387940.3392222
Sion, L., Tuma, K., Scandariato, R., Yskout, K., Joosen, W.: Towards automated security design flaw detection. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW). IEEE (2019)
Stewart, D., Whalen, M.W., Cofer, D., Heimdahl, M.P.E.: Architectural modeling and analysis for safety engineering. In: Bozzano, M., Papadopoulos, Y. (eds.) IMBSA 2017. LNCS, vol. 10437, pp. 97–111. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64119-5_7
Tuma, K., Sion, L., Scandariato, R., Yskout, K.: Automating the early detection of security design flaws. In: Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, pp. 332–342 (2020)
Vanciu, R., Abi-Antoun, M.: Finding architectural flaws in Android apps is easy. In: Proceedings of the 2013 Companion Publication for Conference on Systems, Programming, & Applications: Software for Humanity, SPLASH 2013, pp. 21–22 (2013)
Acknowledgement
This work is partially supported by Defense Advanced Research Projects Agency (DARPA) under award number: 006376-002.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Santos, J.C.S., Suloglu, S., Cataño, N., Mirakhorli, M. (2023). A Methodological Approach to Verify Architecture Resiliency. In: Batista, T., Bureš, T., Raibulet, C., Muccini, H. (eds) Software Architecture. ECSA 2022 Tracks and Workshops. ECSA 2022. Lecture Notes in Computer Science, vol 13928. Springer, Cham. https://doi.org/10.1007/978-3-031-36889-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-36889-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36888-2
Online ISBN: 978-3-031-36889-9
eBook Packages: Computer ScienceComputer Science (R0)