Modeling of security failure tolerant requirements and design of secure connectors

Date

2019-08

Abstract

Due to software security issues and their impact on society, interest in and demand for robust, secure software have grown dramatically. The following two topics illustrate ways to make software more secure while keeping it more maintainable and reusable.

a) Abstract of Modeling Security Failure Tolerant Requirements

This topic describes security failure-tolerant (SFT) requirements, which tolerate failures of the security services that protect a system from attacks. Although a security service can keep a system from security breaches for a while, it can be broken as attack skills advance. This paper addresses an approach to specifying and analyzing SFT requirements that tolerate breaches of a system's security services. The approach is modeled by means of a meta-model, which describes the meta-classes, and the relationships between them, for the SFT requirements specification and analysis models. Threats to systems are identified in the specification and analysis of SFT requirements, and SFT countermeasures against those threats are described in the SFT requirements. An electronic commerce system is used to illustrate the approach.

b) Abstract of Design of Secure Connectors

This topic describes the design of reusable secure connectors that are used in the design of secure software architectures for distributed software applications. The secure connectors are designed separately from application components by reusing the appropriate communication pattern between components as well as the security services required by these components. Each secure connector is designed as a composite component that encapsulates both security service components and communication pattern components. A security coordinator integrates the security services and communication patterns within a secure connector. The main advantage is that secure connectors can be reused in different applications while reducing software complexity. In this topic, secure connectors are reused in electronic commerce and automated teller machine applications.

Keywords

Security failure-tolerant requirements, Analysis of SFT requirements, Static model, Dynamic model, Threat, Meta-model, Software product line, Feature model, Secure connector, Secure software architecture, Component-based software architecture, Secure software design, Message communication patterns, Security patterns, Model-based design, UML