SETER: Towards Architecture-Model Based Security Engineering

SETER: Towards Architecture-Model Based Security Engineering

Ayda Saidane (University of Luxembourg, Luxembourg) and Nicolas Guelfi (University of Luxembourg, Luxembourg)
Copyright: © 2012 |Pages: 27
DOI: 10.4018/jsse.2012070102
OnDemand PDF Download:
No Current Special Offers


The quality of software systems strongly depends on their architecture. For this reason, taking into account security requirements at the architecture level is crucial for the success of secure software development. Today, systems are permanently evolving due to customer needs, technology evolution or maintenance constraints. Thus, a resilient secure system is expected to evolve towards more satisfaction of its security requirements (Guelfi 2011). In particular, such evolution process should identify and eliminate faults and vulnerabilities during the development process or runtime. This study focuses on the design phases and aims to propose a resilient software engineering process guaranteeing the development of secure systems that satisfy their critical requirements. During the development process, the system is expected to evolve until reaching satisfactory compliance against its requirements. The satisfaction computation is based on the quantification of failures and degradations. In this paper, the authors propose a novel architecture model-based security testing approach for identifying faults and vulnerabilities. The originality of the proposal resides in the usage of the architecture model for security testing and in coupling security requirements with threat model for generating both security functional test cases and malicious test cases. The assessment of the security requirements’ satisfaction and the overall system resilience is based on the test traces analysis. Throughout this study, a client-server system is used as a running example for illustrating the approach.
Article Preview

2. Motivations And Contributions

Software architecture description languages provide a detailed view on the system’s components, their interfaces and their interactions. We have in such models enough information to derive test cases relevant for the security properties of interest. What could be expected from testing the architecture model is the elicitation of attack scenarios exploiting some architecture level threats, like covert channels, and also lower level vulnerabilities, such as unchecked user input, by locating their activation and manifestation points. More importantly, architecture level vulnerabilities can be identified only by exploiting the architecture model for test generation as they don’t appear in the detailed design test models. However, we don’t find in the literature any research work on security test generation from the architecture model.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing