Reusable formal models for secure software architectures

Heyman, Tom; Scandariato, Riccardo; Joosen, Wouter

Reusable formal models for secure software architectures

Publikationstyp

Conference Paper

Date Issued

2012-08

Sprache

English

Author(s)

Heyman, Tom

Scandariato, Riccardo

Joosen, Wouter

TORE-URI

http://hdl.handle.net/11420/14965

Start Page

41

End Page

50

Article Number

6337760

Citation

Joint Working IEEE/IFIP Conference on Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012: 6337760, 41-50 (2012-12-12)

Contribution to Conference

10th Working IEEE/IFIP Conference on Software Architecture, WICSA 2012

Publisher DOI

10.1109/WICSA-ECSA.212.12

Scopus ID

2-s2.0-84870686903

Publisher

IEEE

Formal modelling techniques are often disregarded as their semantics are too distant from the mainstream practice of software architecture design, which is dominated by the use of component based modelling and patterns. This paper advocates the need for formal modelling techniques for humans, i.e., software architects who need to precisely ascertain the security properties of their design models. We contribute a technique that enables architects to more easily construct verified, secure architecture designs by assembling already verified security pattern models. Our approach is illustrated with a pattern language for accountability. It is validated by an observational study that shows that the approach produces reusable results, and is able to uncover relevant architectural security flaws.

Subjects

modelling

security patterns

software architecture

DDC Class

004: Informatik

Options

Reusable formal models for secure software architectures