Designing Secure Systems Based on Open Architectures with Open Source and Closed Source Components

  • Walt Scacchi
  • Thomas A. Alspaugh
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 378)


The development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of both open source and closed source software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configuration. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We are developing an approach for understanding and modeling software security requirements as security licenses, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software Intellectual Property (IP) licenses to now address software security licenses that can be associated with secure OA systems.


Keywords: Open Architecture; Software Security; Software License; Open APIs; Security Attack



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Walt Scacchi (1)
  • Thomas A. Alspaugh (1)
  1. Institute for Software Research, University of California, Irvine, USA
