Skip to main content
SpringerLink
Log in

A Framework for Security Assurance in Component Based Development

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3043))

Included in the following conference series:

  • 608 Accesses

Abstract

After a brief boom in the 90’s with small companies and independent software developers, the IT industry is re-discovering the need for teams of programmers developing large software projects. These development teams to leverage the effort and make the software available for future projects use a component-based paradigm. Naturally, detailed specifications and APIs are necessary in order to utilize these components in future projects. These specifications are primarily aimed at describing the normal or functional behavior of the components, not the abnormal or security related features and flaws. This paper will investigate the fundamental issues related to building and composing secure components. The approach outlined in this paper develops a certification process for testing software components for security properties. The anticipated results from this paper are a process, set of core white-box and black-box testing technologies to certify the security of software component and a framework for constructing compositional Component Security Assurance (CSA) based on the security property exposed by the atomic components.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 74.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Stephenson, J.: Web Services Architectures for Security. CBDi Journal (February 2003), http://www.cbdiforum.com/

  2. Aoyama, M.: New Age of Software Development: New Component-Based Software Engineering Changes the Way of Software Development. In: 1998 International Workshop on CBSE, ICSE, pp. 124–128 (1998)

    Google Scholar 

  3. CBSE98. Proceedings of International Workshop on Component-Based software Engineering, www.sei.cmu.edu/cbs/ics98/ , Kyoto Japan (April 1998)

  4. Herzum, P., Sims, O.: Business Component Factory: A Comprehensive Overview of CBD for the Enterprise. OMG press (December 1999)

    Google Scholar 

  5. Szyperski, C.: Component Software: Beyond Object-Oriented Programming. Addison-Wesley, Reading (January 1998), http://www.sei.cmu.edu/cbs/icse98/papers/p14.htm

    Google Scholar 

  6. D’Souza, D.F., Wills, A.C.: Objects, Components, and FrameworksWith UML: The Catalysis Approach, Addison-Wesley Object (October 1998)

    Google Scholar 

  7. Common Criteria Project/ISO, Common Criteria for Information Technology Security Evaluation Version 2.1 (ISO/IEC 15408), http://www.commoncriteria.org/cc/ (1999)

  8. Common Criteria Project/ISO. Common Criteria for Information Technology Security Evaluation, version 2.1(ISO/IEC International Standard 15408). NIST, USA and ISO, Switzerland, http://csrc.nist.gov/cc/ (December 1999)

  9. Information Technology-Software Life cycle Process, (ISO/IEC 12207), http://standards.ieee.org/reading/ieee/std/ (1998)

  10. Vetterling, M., Wimmel, G., Wisspeintner, A.: Requirements analysis: Secure systems development based on the common criteria: the PalME project. In: Proceedings of the tenth ACM SIGSOFT symposium on Foundations of software engineering, November 2002, pp. 129–138 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. Computer Information & Communication Engineering, Catholic University of Daegu, 330 KumRak 1ri, HaYangup, Kyungsan, Kyungbuk, South of Korea

    Hangkon Kim

Authors
  1. Hangkon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, I-06123, Perugia, Italy

    Antonio Laganá

  2. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA

    Vipin Kumar

  4. School of Computing, Soongsil University, Seoul, Korea

    Youngsong Mun

  5. OptimaNumerics Ltd., Cathedral House, 23-31 Waring Street, BT1 2DX, Belfast, UK

    C. J. Kenneth Tan

  6. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy

    Osvaldo Gervasi

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, H. (2004). A Framework for Security Assurance in Component Based Development. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_70

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_70

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation