Security benefits from software architecture

  • C. Bidan
  • V. Issarny
Regular Papers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1282)


In today's field of distributed software architectures there is a need for environments that allow the easy development of applications consisting of heterogeneous software modules and having various Quality of Service requirements (e.g., timeliness, availability or security). System customization using middleware services is a promising solution for dealing with the coexistence of multiple applications with different Quality of Service requirements. From the security point of view, the goal of system customization is to permit interoperation among applications having different, possibly inconsistent security constraints. This paper demonstrates how the software architecture paradigm is beneficial for addressing security issues in distributed systems through system customization. The software architecture paradigm allows the application developer to abstractly specify security-related requirements. Our framework then takes charge of the system customization needed to meet these requirements. The practical use of our approach is also addressed by discussing its integration in a configuration-based distributed programming environment.







Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • C. Bidan, IRISA / INRIA, Rennes Cedex, France
  • V. Issarny, IRISA / INRIA, Rennes Cedex, France
