Advertisement

Revisiting Architectural Tactics for Security

  • Eduardo B. FernandezEmail author
  • Hernán Astudillo
  • Gilberto Pedraza-García
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9278)

Abstract

Architectural tactics are design decisions intended to improve some system quality factor. Since their initial formulation, they have been formalized, compared with patterns and associated to styles, but the initial set of tactics for security has only been refined once. We have examined this tactics set and classification from the viewpoint of security research, and concluded that some tactics would be better described as principles or policies, some are not needed, and others do not cover the functions needed to secure systems, which makes them not very useful for designers. We propose here a refined set and classification of architectural tactics for security, which we consider more appropriate than the original and the previously refined sets. We also suggest how to realize them using security patterns.

Keywords

Architecture tactics Secure architectures Security patterns Secure software development 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bagheri, H., Sullivan, K.: A formal approach for incorporating architectural tactics into the software architecture. In: Procs. of SEKE, pp. 770–775 (2011)Google Scholar
  2. 2.
    Bass, L., Clements, P., Kazman, R.: Software architecture in practice, 2nd edn. Addison-Wesley (2003)Google Scholar
  3. 3.
    Bass, L., Clements, P., Kazman, R.: Software architecture in practice, 3rd edn. Addison-Wesley (2012)Google Scholar
  4. 4.
    Buschmann, F., Meunier, R., Rohnert, H., Sommerland, P., Stal, M.: Pattern-oriented Software Architecture. Wiley (1996)Google Scholar
  5. 5.
    Cañete, J.M.: Annotating problem diagrams with architectural tactics for reasoning on quality requirements. Information Proc. Letters 112, 656–661 (2012)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J.: NFRs in software engineering. Kluwer Acad. Publ., Boston (2000)zbMATHGoogle Scholar
  7. 7.
    Fernandez, E.B., Larrondo-Petrie, M.M., Sorgente, T., VanHilst, M.: A methodology to develop secure systems using patterns. In: Mouratidis, H., Giorgini, P. (eds.) Integrating Security and Software Engineering: Advances and Future Vision, chapter 5, pp. 107–126. IDEA Press (2006)Google Scholar
  8. 8.
    Fernandez, E.B., Yoshioka, N., Washizaki, H., VanHilst, M.: An approach to model-based development of secure and reliable systems. In: Procs. Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22–26Google Scholar
  9. 9.
    Fernandez, E.B., Astudillo, H.: Should we use tactics or patterns to build secure systems? In: First International Symposium on Software Architecture and Patterns, in conjunction with the 10th Latin American and Caribbean Conference for Engineering and Technology, Panama City, Panama, July, 23–27, 2012Google Scholar
  10. 10.
    Fernandez, E.B.: Security patterns in practice - Designing Secure Architectures Using Software Patterns, Wiley Series on Software Design Patterns (June 2013)Google Scholar
  11. 11.
    Fernandez, E.B., Yoshioka, N., Washizaki, H., Yoder, J.: Abstract security patterns for requirements specification and analysis of secure systems. In: Procs. of the WER 2014 Conference, a Track of the 17th Ibero-American Conf. on Soft. Eng. (CIbSE 2014), Pucon, Chile, April 2014Google Scholar
  12. 12.
    Fernandez, E.B., Monge, R., Carvajal, R., Encina, O., Hernandez, J., Silva, P., R.: Patterns for Content-Dependent and Context-Enhanced Authorization. In: Proceedings of 19th European Conference on Pattern Languages of Programs, Germany, July 2014Google Scholar
  13. 13.
    Gallego, B., Muñoz, A., Maña, A., Serrano, D.: Security patterns, towards a further level. In: Procs. SECRYPT, pp. 349–356 (2009)Google Scholar
  14. 14.
    Gollmann, D.: Computer security, 2nd edn. Wiley (2006)Google Scholar
  15. 15.
    Harrison, N.B., Avgeriou, P.: How do architecture patterns and tactics interact? A model and annotation. The Journal of Systems and Software 83, 1735–1758 (2010)CrossRefGoogle Scholar
  16. 16.
    Kim, S., Kim, D.-K., Lu, L., Park, S.: Quality-driven architecture development using architectural tactics. Journal of Systems and Software (2009)Google Scholar
  17. 17.
    Neumann, P.G.: Principled assuredly trustworthy composable architectures. Final SRI report to DARPA, December 28, 2004Google Scholar
  18. 18.
    Preschern, C.: Catalog of Security Tactics linked to Common Criteria Requirements. In: Procs. of PLoP (2012)Google Scholar
  19. 19.
    Ray, I., France, R.B., Li, N., Georg, G.: An aspect-based approach to modeling access control concerns. Inf. & Soft. Technology 9, 575–587 (2004)CrossRefGoogle Scholar
  20. 20.
    Ryoo, J., Laplante, P., Kazman, R.: A methodology for mining security tactics from security patterns. In: Procs. of the 43rd Hawaii International Conference on System Sciences (2010). http://doi.ieeecomputersociety.org/10.1109/HICSS.2010.18
  21. 21.
    Ryoo, J., Laplante, P., Kazman, R.: Revising a security tactics hierarchy through decomposition, reclassification, and derivation. In: 2012 IEEE Int. Conf. on Software Security and Reliability Companion, pp. 85–91Google Scholar
  22. 22.
    Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Procs. of the IEEE 63(9), 1278–1308 (1975)CrossRefGoogle Scholar
  23. 23.
    Shapiro, J.S., Hardy, N.: EROS: A Principle-Driven Operating System from the Ground Up. IEEE Software, January/February 2002Google Scholar
  24. 24.
    Taylor, R.N., Medvidovic, N., Dashofy, N.: Software Architecture: Foundation, Theory, and Practice. Wiley (2010)Google Scholar
  25. 25.
    Uzunov, A.V., Fernandez, E.B., Falkner, K.: Engineering Security into Distributed Systems: A Survey of Methodologies. Journal of Universal Computer Science 18(20), 2920–3006Google Scholar
  26. 26.
    Uzunov, A.V., Fernandez, E.B., Falkner, K.: ASE: A Comprehensive Pattern-Driven Security Methodology for Distributed Systems. Journal of Computer Standards & Interfaces (2015). http://dx.doi.org/10.1016/j.csi.2015.02.011
  27. 27.
    Uzunov, A.V., Fernandez, E.B.: Cryptography-based security patterns and security solution frames for networked and distributed systems (submitted for publication)Google Scholar
  28. 28.
    VanHilst, M., Fernandez, E.B., Braz, F.: A multidimensional classification for users of security patterns. Journal of Res. and Practice in Information Technology 41(2), 87–97 (2009)Google Scholar
  29. 29.
    Washizaki, H., Fernandez, E.B., Maruyama, K., Kubo, A., Yoshioka, N.: Improving the classification of security patterns. In: Procs. of the Third Int. Workshop on Secure System Methodologies using Patterns (SPattern 2009)Google Scholar
  30. 30.
    Woods, E., Rozanski, N.: Using architectural perspectives. In: Procs. of the 5th Working IEEE/IFIP Conference on Software Architecture (WICSA 2005)Google Scholar
  31. 31.
    Rozanski, N., Woods, E.: Software systems architecture: working with stakeholders using viewpoints and perspectives, 2nd edn. Addison-Wesley Educational Publishers (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Eduardo B. Fernandez
    • 1
    Email author
  • Hernán Astudillo
    • 2
  • Gilberto Pedraza-García
    • 3
    • 4
  1. 1.Florida Atlantic UniversityBoca RatonUSA
  2. 2.Departamento de InformáticaUniversidad Técnica Federico Santa MaríaValparaísoChile
  3. 3.Universidad de Los AndesBogotáColombia
  4. 4.Programa de Ingeniería de SistemasUniversidad Piloto de ColombiaBogotáColombia

Personalised recommendations