DPS: An Architectural Style for Development of Secure Software
Many claim that software systems must be designed for security. This, however, is far from an easy task, especially for complex systems. We believe that this difficulty can be alleviated by a set of (preferably rigorous) principles. We propose an architectural style, the Dual Protection Style (DPS), for constructing secure software. This style results from our experience in designing and implementing a distributed, multi-user, medium-sized application. We demonstrate the applicability and effectiveness of the DPS style on the basis of a case study of a distributed software platform for virtual and mobile team collaboration called Motion. We further elaborate on the description of this architectural style, its formalization, and the formal verification of some of its properties.
Keywords: Authorization and Access Control, Security Engineering, Formal Methods, Software Architecture, Architectural Style, Alloy