Abstract
Architectural tactics are design decisions intended to improve some system quality factor. Since their initial formulation, they have been formalized, compared with patterns and associated to styles, but the initial set of tactics for security has only been refined once. We have examined this tactics set and classification from the viewpoint of security research, and concluded that some tactics would be better described as principles or policies, some are not needed, and others do not cover the functions needed to secure systems, which makes them not very useful for designers. We propose here a refined set and classification of architectural tactics for security, which we consider more appropriate than the original and the previously refined sets. We also suggest how to realize them using security patterns.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bagheri, H., Sullivan, K.: A formal approach for incorporating architectural tactics into the software architecture. In: Procs. of SEKE, pp. 770–775 (2011)
Bass, L., Clements, P., Kazman, R.: Software architecture in practice, 2nd edn. Addison-Wesley (2003)
Bass, L., Clements, P., Kazman, R.: Software architecture in practice, 3rd edn. Addison-Wesley (2012)
Buschmann, F., Meunier, R., Rohnert, H., Sommerland, P., Stal, M.: Pattern-oriented Software Architecture. Wiley (1996)
Cañete, J.M.: Annotating problem diagrams with architectural tactics for reasoning on quality requirements. Information Proc. Letters 112, 656–661 (2012)
Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J.: NFRs in software engineering. Kluwer Acad. Publ., Boston (2000)
Fernandez, E.B., Larrondo-Petrie, M.M., Sorgente, T., VanHilst, M.: A methodology to develop secure systems using patterns. In: Mouratidis, H., Giorgini, P. (eds.) Integrating Security and Software Engineering: Advances and Future Vision, chapter 5, pp. 107–126. IDEA Press (2006)
Fernandez, E.B., Yoshioka, N., Washizaki, H., VanHilst, M.: An approach to model-based development of secure and reliable systems. In: Procs. Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22–26
Fernandez, E.B., Astudillo, H.: Should we use tactics or patterns to build secure systems? In: First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, Panama City, Panama, July, 23–27, 2012
Fernandez, E.B.: Security patterns in practice - Designing Secure Architectures Using Software Patterns, Wiley Series on Software Design Patterns (June 2013)
Fernandez, E.B., Yoshioka, N., Washizaki, H., Yoder, J.: Abstract security patterns for requirements specification and analysis of secure systems. In: Procs. of the WER 2014 Conference, a Track of the 17th Ibero-American Conf. on Soft. Eng. (CIbSE 2014), Pucon, Chile, April 2014
Fernandez, E.B., Monge, R., Carvajal, R., Encina, O., Hernandez, J., Silva, P., R.: Patterns for Content-Dependent and Context-Enhanced Authorization. In: Proceedings of 19th European Conference on Pattern Languages of Programs, Germany, July 2014
Gallego, B., Muñoz, A., Maña, A., Serrano, D.: Security patterns, towards a further level. In: Procs. SECRYPT, pp. 349–356 (2009)
Gollmann, D.: Computer security, 2nd edn. Wiley (2006)
Harrison, N.B., Avgeriou, P.: How do architecture patterns and tactics interact? A model and annotation. The Journal of Systems and Software 83, 1735–1758 (2010)
Kim, S., Kim, D.-K., Lu, L., Park, S.: Quality-driven architecture development using architectural tactics. Journal of Systems and Software (2009)
Neumann, P.G.: Principled assuredly trustworthy composable architectures. Final SRI report to DARPA, December 28, 2004
Preschern, C.: Catalog of Security Tactics linked to Common Criteria Requirements. In: Procs. of PLoP (2012)
Ray, I., France, R.B., Li, N., Georg, G.: An aspect-based approach to modeling access control concerns. Inf. & Soft. Technology 9, 575–587 (2004)
Ryoo, J., Laplante, P., Kazman, R.: A methodology for mining security tactics from security patterns. In: Procs. of the 43rd Hawaii International Conference on System Sciences (2010). http://doi.ieeecomputersociety.org/10.1109/HICSS.2010.18
Ryoo, J., Laplante, P., Kazman, R.: Revising a security tactics hierarchy through decomposition, reclassification, and derivation. In: 2012 IEEE Int. Conf. on Software Security and Reliability Companion, pp. 85–91
Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Procs. of the IEEE 63(9), 1278–1308 (1975)
Shapiro, J.S., Hardy, N.: EROS: A Principle-Driven Operating System from the Ground Up. IEEE Software, January/February 2002
Taylor, R.N., Medvidovic, N., Dashofy, N.: Software Architecture: Foundation, Theory, and Practice. Wiley (2010)
Uzunov, A.V., Fernandez, E.B., Falkner, K.: Engineering Security into Distributed Systems: A Survey of Methodologies. Journal of Universal Computer Science 18(20), 2920–3006
Uzunov, A.V., Fernandez, E.B., Falkner, K.: ASE: A Comprehensive Pattern-Driven Security Methodology for Distributed Systems. Journal of Computer Standards & Interfaces (2015). http://dx.doi.org/10.1016/j.csi.2015.02.011
Uzunov, A.V., Fernandez, E.B.: Cryptography-based security patterns and security solution frames for networked and distributed systems (submitted for publication)
VanHilst, M., Fernandez, E.B., Braz, F.: A multidimensional classification for users of security patterns. Journal of Res. and Practice in Information Technology 41(2), 87–97 (2009)
Washizaki, H., Fernandez, E.B., Maruyama, K., Kubo, A., Yoshioka, N.: Improving the classification of security patterns. In: Procs. of the Third Int. Workshop on Secure System Methodologies using Patterns (SPattern 2009)
Woods, E., Rozanski, N.: Using architectural perspectives. In: Procs. of the 5th Working IEEE/IFIP Conference on Software Architecture (WICSA 2005)
Rozanski, N., Woods, E.: Software systems architecture: working with stakeholders using viewpoints and perspectives, 2nd edn. Addison-Wesley Educational Publishers (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Fernandez, E.B., Astudillo, H., Pedraza-García, G. (2015). Revisiting Architectural Tactics for Security. In: Weyns, D., Mirandola, R., Crnkovic, I. (eds) Software Architecture. ECSA 2015. Lecture Notes in Computer Science(), vol 9278. Springer, Cham. https://doi.org/10.1007/978-3-319-23727-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-23727-5_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23726-8
Online ISBN: 978-3-319-23727-5
eBook Packages: Computer ScienceComputer Science (R0)