Reusable Secure Connectors for Secure Software Architecture
This paper describes the design of reusable secure connectors that are used in the design of secure software architectures for distributed software applications. The secure connectors are designed separately from application components by reusing the appropriate communication pattern between components as well as the security services required by these components. Each secure connector is designed as a composite component that encapsulates both security service components and communication pattern components. Integration of security services and communication patterns within a secure connector is provided by a security coordinator. The main advantage is that secure connectors can be reused in different applications. In this paper, secure connectors are reused in electronic commerce and automated teller machine applications.
KeywordsReusable secure connector Secure software architecture Component-based software architecture Secure software design Message communication patterns Dynamic modeling
Gomaa’s research is supported by the Air Force Office of Scientific Research under grant number FA9550-16-1-0030.
- 1.Al-Azzani, S., Bahsoon, R.: SecArch: Architecture-level evaluation and testing for security. In: Joint Working IEEE/IFIP Conference on Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), August 2012Google Scholar
- 2.Baker, C., Shin M.: Aspect-oriented secure connectors for implementation of secure software architecture. In: International Conference on Software Engineering and Knowledge Engineering (SEKE 2014), Vancouver, 1–3 July 2014Google Scholar
- 3.Banerjee, S., Mattmann, C.A., Medvidovic, N., Golubchik, L.: Leveraging architectural models to inject trust into software systems. In: Proceedings of the ICSE 2005 Workshop on Software Engineering for Secure Systems, St. Louis, Missouri, May 2005Google Scholar
- 4.Basin, D., Clavel, M., Egea, M.: A decade of model-driven security. In: 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011), Innsbruck, 15–17 June 2011Google Scholar
- 6.Fernandez, E.B.: Security Patterns in Practice. Wiley, New York (2013)Google Scholar
- 8.Gomaa, H., Shin, M.E.: Modeling complex systems by separating application and security concerns. In: 9th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2004), Italy, April 2004Google Scholar
- 9.Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)Google Scholar
- 10.Ren, J., Taylor, R., Dourish, P., Redmiles, D.: Towards an architectural treatment of software security: A connector-centric approach. In: Proceedings of the Workshop on Software Engineering for Secure Systems, St. Louis, Missouri, 15–16 May 2005Google Scholar
- 11.Schumacher, M., Fernandez, E.B., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns. Wiley, New York (2006)Google Scholar
- 13.Shin, M.E., Malhotra, B., Gomaa, H., Kang, T.: Connectors for secure software architectures. In: 24th International Conference on Software Engineering and Knowledge Engineering (SEKE 2012), San Francisco, 1–3 July 2012Google Scholar
- 14.Taylor, R.N., Medvidovic, N., Dashofy, E.M.: Software Architecture: Foundations, Theory, and Practice. Wiley, Chichester (2010)Google Scholar