An approach for modeling and analysis of security system architectures

TitleAn approach for modeling and analysis of security system architectures
Publication TypeJournal Article
Year of Publication2003
AuthorsDeng, Y., J. Wang, J. J. P. Tsai, and K. Beznosov
JournalKnowledge and Data Engineering, IEEE Transactions on
Pagination1099 - 1119
Date Publishedsep.
Keywordsaccess control, application-level authorization service, authorisation, case study, constraint patterns, distributed processing, distributed resources, formal architectural modeling, formal verification, global security constraints, incremental process, networked environment, OMG standard, Petri nets, Resource Access Decision Facility, secure access, security constraint patterns, security policies, security system architectures, security system design, system architecture, systematic approach, temporal logic

Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in networked environment. In particular, the composition of the systems must consistently assure security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. A systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.


a place of mind, The University of British Columbia

Electrical and Computer Engineering
2332 Main Mall
Vancouver, BC Canada V6T 1Z4
Tel +1.604.822.2872
Fax +1.604.822.5949

Emergency Procedures | Accessibility | Contact UBC | © Copyright 2021 The University of British Columbia