Merging Integration Solutions for Architecture and Security Mismatch

  • Jamie Payton
  • Gerður Jónsdóttir
  • Daniel Flagg
  • Rose Gamble
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2255)


Integrating COTS products into a composite application can reduce development effort and associated costs. A major drawback comes from interoperability problems that hinder the seamless integration of components. Two types of problems are prominent: architecture mismatch and security mismatch. Because of their distinct properties, each problem is currently analyzed separately. The results are integration solutions that are constructed in isolation. Combining these solutions can yield another set of problems if their functionality is conflicting, duplicated, or overly complex. It is imperative to address these issues in component based software development. In this paper, we depict the architectural differences among components, their security access control policies, and the integration solutions that result from independent analysis. This is the first step toward including architectural interoperability issues and security conflicts in the design of an encompassing solution for an integrated application. We show a composition of the two solutions, highlighting redundancy and complexity.


Software Architecture Security Policy Integration Solution Integration Element Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    OMG: CORBA Security Services Specification. (2001).Google Scholar
  2. 2.
    Rouvellou, I., Sutton, S., Tai, S.: Multidimensional Separation of Concerns in Middleware. In, Workshop on Multi-Dimensional Separation of Concerns, (2000).Google Scholar
  3. 3.
    Viega, J., Evans, D.: Separation of Concerns for Security. In, ICSE Workshop on Multidimensional Separation of Concerns in Software Engineering, (2000).Google Scholar
  4. 4.
    Lindqvist, U., Jonsson, E.: A map of Security Risks Associated with Using COTS. In Computer,Vol. 31(6), (1998), 60–66.CrossRefGoogle Scholar
  5. 5.
    Zhong, Q., Edwards, N.: Security Control for COTS Components. In Computer, Vol. 31(6), (1998), 67–73.CrossRefGoogle Scholar
  6. 6.
    Profeta, J., et al.: Safety-Critical Systems Built with COTS. In Computer, Vol. 29(11), (1996), 54–60.CrossRefGoogle Scholar
  7. 7.
    Perry, D., Wolf, A.: Foundations for the Study of Software Architecture. In ACM SIGSOFT, Vol. 17(4), (1992), 40–52.CrossRefGoogle Scholar
  8. 8.
    Shaw, M., Garlan, D.: Software Architecture: Perspectives on an Emerging Discipline. Prentice Hall, Englewood Cliffs, NJ, (1996).zbMATHGoogle Scholar
  9. 9.
    Garlan, D., Allen, A., Ockerbloom, J.: Architectural Mismatch, or Why it is hard to build systems out of existing parts. In, 17th International Conference on Software Engineering, Seattle, WA, (1995).Google Scholar
  10. 10.
    Compare, D., Inverardi, P., Wolf, A.: Uncovering Architectural Mismatch in Component Behavior. Science of Computer Programming, Vol. 33(2), (1999), 101–31.zbMATHCrossRefGoogle Scholar
  11. 11.
    Allen, R., Garlan, D.: A Formal Basis for Architectural Connection. ACM Transactions on Software Engineering and Methodologies, Vol. 6(3), (1997), 213–49.CrossRefGoogle Scholar
  12. 12.
    Magee, J., Dulay, N., Eisenbach, S., Kramer, J.: Specifying Distributed Software Architectures. In, The 5th European Software Engineering Conference, Barcelona, Spain, (1995).Google Scholar
  13. 13.
    Kazman, P., Bass, L., Abowd, G. and Webb, S.M.: SAAM: A Method for Analyzing the Properties of Software Architectures. In Proceedings of the International Conference on Software Engineering, (1994), 81–90.Google Scholar
  14. 14.
    Kazman, R., Klein, M., Barbacci, M., Lipson, H., Longsta., T., Carriere, S.: The Architecture Tradeoff Analysis Method. In International Conference on Engineering of Complex Computer Systems, Monterey, CA, (1998).Google Scholar
  15. 15.
    Duenas, J., Oliveira, W., Puente, J.: A Software Architecture Evaluation Model. In, ESPRIT ARES Workhop, Las Palmas: Springer Verlag, (1995), 148–57.Google Scholar
  16. 16.
    Davis, L., Gamble, R., Payton, J., Jonsdottir, G., Underwood, D.: A Notation for Problematic Architecture Interactions. In, Proceeding of European Software Engineering Conference/Foundations of Software Engineering, Vienna, Austria (2001).Google Scholar
  17. 17.
    Keshav, R.: Architecture Integration Elements: Connectors that Form Middleware. M.S. Thesis, Department of Mathematical and Computer Sciences: University of Tulsa, (1999).Google Scholar
  18. 18.
    Keshav, R., Gamble, R.: Towards a Taxonomy of Architecture Integration Strategies. 3rd International Software Architecture Workshop, (1998).Google Scholar
  19. 19.
    Sitaraman, R.: Integration of Software Systems at an Abstract Architectural Level. M.S. Thesis, Department of Mathematical and Computer Sciences: University of Tulsa, (1997).Google Scholar
  20. 20.
    Mularz, D.: Pattern-Based Integration Architectures. In Pattern Language of Programming, (1994).Google Scholar
  21. 21.
    Gong, L., Qian, X.: Computational Issues in Secure Interoperation. In, IEEE Transactions on Software Engineering, Vol. 22(1), (1996), 43–52.CrossRefGoogle Scholar
  22. 22.
    Galiasso, P.: A Policy Mediation Architecture for Multi-Enterprise Environments Ph.D. Dissertation, Department of Mathematical and Computer Sciences: University of Tulsa, (2001).Google Scholar
  23. 23.
    Lang, U., Schreiner, R.: Flexibility and Interoperability in CORBA. Electronic Notes in Theoretical Computer Science, (2000).Google Scholar
  24. 24.
    Payton, J., Gamble, R., Kimsen, S., Davis, L.: The Opportunity for Formal Models of Integration. In, 2nd Int’l Conference on Information Reuse and Integration, (2000).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jamie Payton
    • 1
  • Gerður Jónsdóttir
    • 1
  • Daniel Flagg
    • 1
  • Rose Gamble
    • 1
  1. 1.Software Engineering & Architecture Team Department of Mathematical and Computer SciencesUniversity of TulsaTulsa

Personalised recommendations