Issue No.01 - January/February (2010 vol.8)
pp: 43-49
Lutz Wrage , Software Engineering Institute, Carnegie Mellon University
Peter H. Feiler , Software Engineering Institute, Carnegie Mellon University
John Morley , Software Engineering Institute, Carnegie Mellon University
Bruce Lewis , Software Engineering Institute, Carnegie Mellon University
Jérôme Hugues , Institut Telecom, ParisTech, France
ABSTRACT
The modeling of system quality attributes, including security, is often done with low-fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models typically aren't maintained or documented throughout the life cycle and make it difficult to obtain a system view. However, a single-source architecture model annotated with analysis-specific information lets designers reflect changes in the various analysis models with little effort. This approach also lets designers conduct adequate trade-off analyses and evaluate architectural variations prior to system realization. This article describes how model-based development using the Architecture Analysis and Design Language (AADL) and compatible analysis tools provides the platform for multidimensional, multifidelity analysis and verification.
INDEX TERMS
security, verification, architectural modeling, AADL, Architecture Analysis and Design Language
CITATION
Lutz Wrage, Peter H. Feiler, John Morley, Bruce Lewis, Jérôme Hugues, "Architectural Modeling to Verify Security and Nonfunctional Behavior", IEEE Security & Privacy, vol.8, no. 1, pp. 43-49, January/February 2010, doi:10.1109/MSP.2009.143