Component-based software development (CBSD) offers many advantages like reduced product time to market, reduced complexity and cost etc. Despite these advantages its wide scale utilization in developing security critical systems is currently hampered because of lack, of suitable design techniques to efficiently manage the complete system security concerns in the development process. The use of commercial of the shelf (COTS) components can introduce various security and reliability risks in the system. In this paper we propose a methodology for efficient management of all the system security concerns involved in the design of component based systems. Our methodology is based on formally representing the system security specifications and component capabilities. We identify the metrics for correlating both and suggest extensions to a previously proposed software development process, for selection of suitable components and integration mechanisms. The proposed solution ensures due treatment of all the security concerns for the complete system in the acquisition efforts.
A. Masood et al., "Efficiently Managing Security Concerns in Component Based System Design," Proceedings of the 29th Annual IEEE Computer Software and Applications Conference (2005, Edinburgh, Scotland), vol. 1, pp. 164-169, Institute of Electrical and Electronics Engineers (IEEE), Jul 2005.
The definitive version is available at https://doi.org/10.1109/COMPSAC.2005.71
29th Annual International Computer Software and Applications Conference (2005: Jul. 26-28, Edinburgh, Scotland)
Electrical and Computer Engineering
Keywords and Phrases
Component Based System Design; Component-Based Software Development (CBSD); Formal Representation; Formal Specification; Object-Oriented Programming; Security Critical Systems; Security Management; Security of Data; Software Metrics; Software Reliability; System Reliability; System Security Specification; Reliability Risks; Computational Complexity; Computer Software; Reliability Theory; Systems Analysis
International Standard Book Number (ISBN)
International Standard Serial Number (ISSN)
Article - Conference proceedings
© 2005 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.
01 Jul 2005