This Article 
 Bibliographic References 
 Add to: 
An Approach for Modeling and Analysis of Security System Architectures
September/October 2003 (vol. 15 no. 5)
pp. 1099-1119

Abstract—Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in networked environment. In particular, the composition of the systems must consistently assure security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. In this paper, a systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.

[1] J. Barkley, Implementing Role-Based Access Control Using Object Technology Proc. First ACM Workshop Role-Based Access Control, pp. 93-98, 1995.
[2] J. Barkley and K. Beznosov et al., Supporting Relationships in Access Control Using Role Based Access Control Proc. ACM Role-Based Access Control Workshop, pp. 55-65, 1999.
[3] K. Beznosov, and Y. Deng et al. A Resource Access Decision Service for CORBA-Based Distributed Systems Proc. Ann. Computer Security Applications Conf., pp. 310-319, 1999.
[4] P. Bieber, and N. Boulahia-Cuppens, Formal Verification of Authentication Protocols Proc. BCS-FACS Sixth Refinement Workshop, 1994.
[5] B. Blakley, CORBA Security: An Introduction to Safe Computing with Objects. Addison-Wesley, 1999.
[6] D. Bolignano, Towards a Mechanization Cryptographic Protocol Verification Lecture Notes in Computer Science, vol. 1254, p. 131, 1997.
[7] G. Booch, Object-Oriented Analysis and Design with Applications, Addison-Wesley, Reading, Mass., 1994.
[8] R. Boyer and J. Moore, A Computational Logic. New York: Academic Press, 1979.
[9] M. Burrows, M. Abadi, and R. Needham, "A logic of authentication," ACM Trans. Computer Systems, vol. 8, no. 1, pp. 18-36, Feb. 1990. Also see Research Report no. 39, DEC SRC, 48 pp., 1989.
[10] L.S. Cauman, First-Order Logic. Berlin: Walter de Gruyter, 1998.
[11] E.M. Clarke, O. Grumberg, and D.E. Long, "Model Checking and Abstraction," ACM Trans. Programming Language Systems, vol. 16, no. 5, pp. 1,512-1,542, Sept. 1994.
[12] Y. Deng and J. Wang, Integrated Architectural Modeling and Analysis for High-Assurance Command and Control System Design Annals Software Eng., vol. 7, pp. 47-70, 1999.
[13] Y. Deng and C.R. Yang, Architecturedriven Modeling of Real-Time Concurrent Systems with Application in FMS J. Systems and Software, vol. 45, pp. 61-78, 1999.
[14] E.A. Emerson and A.P. Sistla, "Symmetry and Modelchecking," Proc. Fifth Int'l Computer-Aided Verification Conf., Lecture Notes in Computer Science 697, pp. 463-478, Springer-Verlag, 1993.
[15] R. Filman and T. Linden, SafeBots: A Paradigm for Software Security Controls Proc. New Security Paradigms Workshop, pp. 45-51, 1996.
[16] M. Fitting, First-Order Modal Tableaux J. Automated Reasoning, vol. 4, pp. 191-213, 1988.
[17] H.J.G. Genrich, High-Level Nets Fundamentals Proc. Advances in Petri Nets 1990, pp. 207-247, 1990.
[18] F. Gittler and A.C. Hopkins, The DCE Security Service Hewlett-Packard J., vol. 46, no. 6, pp. 41-48, 1995.
[19] L.M. Gong et al. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. Proc. USENIX Symp. Internet Technologies and Systems, pp. 103-112, 1997.
[20] I.M. Graham, Migrating to Object Technology, Addison-Wesley, Reading, Mass., 1995.
[21] B. Hailpern and H. Ossher, "Extending Objects to Support Multiple Interfaces and Access Control," IEEE Trans. Software Eng., pp. 1,247-1,257, Nov. 1990.
[22] J. Hale et al., Security Policy Coordination for Heterogeneous Information Systems Proc. Ann. Computer Security Applications Conf., pp. 219-228, 1999.
[23] X. He, F. Zeng, and Y. Deng, Specifing Software Architectural Connectors in SAM Proc. 11th Int'l Conf. Software Eng. and Knowledge Eng., 1999.
[24] R.A. Kemmerer, Analyzing Encryption Protocols Using Formal Verification Techniques IEEE J. Selected Areas in Comm., vol. 7, no. 4, pp. 448-457, 1989.
[25] C. Lai et al., User Authentication and Authorization in the Java Platform Proc. Ann. Computer Security Applications Conf., pp. 285-290, 1999.
[26] G. Lowe, An Attack on the Needham-Schroeder Public-Key Protocol Information Processing Letters, 1995.
[27] C. Meadows, Applying Formal Methods to the Analysis of a Key Management Protocol J. Computer Security, pp. 5-36, 1992.
[28] B. Meyer,Object-Oriented Software Construction. Englewood Cliffs, NJ: Prentice-Hall, 1988.
[29] T.J. Mowbray and W.A. Ruh, Inside CORBA - Distributed Object Standards and Applications. Addison-Wesley, 1997.
[30] T. Murata, “Petri Nets: Properties, Analysis and Application,” Proc. IEEE, vol. 77, no. 4, 1989.
[31] OMG. CORBAservices: Common Object Services Specification, Security Service Specification. Object Management Group, 1996.
[32] J.R. Putman, Architecturing with RM-ODP. Prentice Hall PTR, 2001.
[33] D. Kagaris, F. Makedon, and S. Tragoudas, A Method for Pseudo-Exhaustive Test Pattern Generation IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, vol. 13, no. 9, pp. 1170-1178, 1994.
[34] C.L. Chang, R.A. Stachowitz, and J.B. Combs, “Validation of Nonmonotonic Knowledge-Based Systems,” Proc. IEEE Int'l Conf. Tools for Artificial Intelligence, Nov. 1990.
[35] R.S. Sandhu et al., "Role-Based Access Control Models," Computer, Feb. 1996, pp. 38-47.
[36] N. Sadegh, "A Perceptron Network for Functional Identification and Control of Nonlinear Systems," IEEE Trans. Neural Networks, Vol. 4, No. 6, Nov. 1993, pp. 982-988.
[37] S. Schneider, Verifying Authentication Protocols in CSP IEEE Trans. Software Eng., vol. 24, no. 9, pp. 741-758, Sept. 1998.
[38] B. Thuraisingham and W. Ford, Security Constraint Processing in a Multilevel Secure Distributed Database Management System IEEE Trans. Knowledge and Data Eng., vol. 7, no. 2, pp. 274-293, Apr. 1995.
[39] J. Wang and Y. Deng, Incremental Modeling and Verification of Flexible Manufacturing Systems J. Intelligent Manufacturing, vol. 10, no. 6, pp. 485-502, 1999.
[40] J. Wang, X. He, and Y. Deng, Introducing Software Architecture Specification and Analysis in SAM through an Example Information and Software Technology, vol. 41, no. 7, pp. 451-467, 1999.
[41] J. Wang, G. Xu, and Y. Deng, Reduction Rules for Components in SAM Proc. Fifth Int'l Conf. Integrated Design and Process Technology, 2000.
[42] J. Warmer and A. Kleppe, The Object Constraint Language. Boston: Addison-Wesley, 1998.
[43] T.Y.C. Woo and S.S. Lam, Designing a Distributed Authorization Service Proc. IEEE INFOCOM, 1998.
[44] M.E. Zurko et al., A User-Centered, Modular Authorization Service Built on an RBAC Foundation Proc. Ann. Computer Security Applications Conf., 1998.

Index Terms:
Software security, security system architecture, access control, authorization service, formal architectural modeling, constraint patterns, formal verification, Petri nets, temporal logic.
Yi Deng, Jiacun Wang, Jeffrey J.P. Tsai, Konstantin Beznosov, "An Approach for Modeling and Analysis of Security System Architectures," IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 5, pp. 1099-1119, Sept.-Oct. 2003, doi:10.1109/TKDE.2003.1232267
Usage of this product signifies your acceptance of the Terms of Use.