Litcius/Paper detail

Enforcing Architectural Security Decisions

Stefanie Jasser

202011 citationsDOI

Abstract

Software architects should specify security measures for a software system on an architectural level. However, the implementation often diverges from this intended architecture including its security measures. This may lead to severe vulnerabilities that have a wide impact on the system and are hard to fix afterwards. In this paper, we propose an approach for checking the implementation's conformance with the defined security measures using architectural security rules: We extend a controlled natural language approach to formalize these rules and use dynamic analysis techniques to extract information on the actual system behavior for the conformance check. We evaluate our approach by an industrial case study to show the applicability and flexibility of our conformance checking approach.

Topics & Concepts

Computer scienceFlexibility (engineering)Conformance checkingArchitectural patternSoftware engineeringSoftware security assuranceSoftware architectureModel checkingSoftwareArchitectureSoftware systemComputer securityInformation securityProgramming languageSoftware constructionSecurity serviceEngineeringStatisticsBusiness processChemical engineeringVisual artsBusiness process modelingArtCompatibility (geochemistry)MathematicsSoftware Engineering ResearchAdvanced Software Engineering MethodologiesSoftware Reliability and Analysis Research