Architecture-based Security & Trust
Traditional security research has focused on how to provide assurance of confidentiality, integrity, and availability. However, most security vulnerabilities result from poor software design and implementation: for a whole system to be secure, all relevant components must collaborate to ensure the security of the system. Thus, approaches to designing secure software are needed, not just from a traditional cryptology viewpoint, but from a software engineering perspective. — Jie Ren
Concepts
Most security vulnerabilities result from poor software design and implementation. A more disciplined approach to utilizing existing technologies may significantly improve the security of complex, componentized, and networked software systems.
Security is an emergent property, so it is insufficient for a component to be secure. For the whole system to be secure, all relevant components must collaborate to ensure the security of the system.
Decentralized systems have no central authority: the parties (or peers) making up the system must make local, autonomous decisions based on their individual goals. This introduces a need to determine trust between peers in a system. Trust in decentralized architectures is discussed further on our Decentralized Software Architectures page.
Techniques
Explicitly model security at the architectural level. The security of a system can be modeled explicitly, at the architectural level, using a secure architecture description language. Connectors provide a suitable vehicle to model, capture, and enforce security policies.
Explicitly model security in the architecture. By incorporating access control model concepts into an architecture description, it is possible to determine whether access to a particular resource should be granted through analysis of the architecture's topology and the privileges of its constituent elements.
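An added example (not code from this page, nor from Secure xADL or ArchStudio) of the analysis the two techniques above describe: components carry privileges, connectors carry enforceable policies, and an access decision is derived from the architecture topology. All class names, the sample architecture and the read-only gateway policy are constructed for illustration.

```python
class Component:
    # Element with its granted privileges and hosted {resource: {action: required privileges}}.
    def __init__(self, name, privileges=(), resources=None):
        self.name, self.privileges = name, frozenset(privileges)
        self.resources = resources or {}

class Connector:
    # Links components; policy(privileges, resource, action) -> bool says
    # whether a request carrying those privileges may flow through it.
    def __init__(self, name, ends, policy):
        self.name, self.ends, self.policy = name, frozenset(ends), policy

def permitted_path(connectors, src, dst, privileges, resource, action):
    # Breadth-first search over connectors whose policy admits the request;
    # returns the connectors traversed from src to dst, or None.
    queue, seen = [(src, [])], {src}
    while queue:
        node, path = queue.pop(0)
        if node == dst:
            return path
        for c in connectors:
            if node in c.ends and c.policy(privileges, resource, action):
                for nxt in c.ends - {node} - seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [c]))
    return None

def check_access(components, connectors, subject, target, resource, action):
    # Grant only if the subject holds what the resource requires AND the
    # topology offers a path of permitting connectors to the hosting element.
    subj, tgt = components[subject], components[target]
    required = tgt.resources.get(resource, {}).get(action)
    if required is None:
        return "deny", f"{target} hosts no {resource}/{action}"
    missing = set(required) - subj.privileges
    if missing:
        return "deny", f"{subject} lacks {sorted(missing)}"
    path = permitted_path(connectors, subject, target, subj.privileges, resource, action)
    if path is None:
        return "deny", f"no connector path from {subject} to {target} permits it"
    return "permit", "via " + "->".join(c.name for c in path)

# Constructed sample (not from the page): clients reach the records server only
# through a read-only gateway connector; the archive is wired to nothing.
READ_ONLY = lambda privileges, resource, action: action == "read"
COMPONENTS = {c.name: c for c in [
    Component("Client", {"read"}), Component("Admin", {"read", "write"}),
    Component("Server", resources={"records": {"read": {"read"}, "write": {"write"}}}),
    Component("Archive", resources={"records": {"read": {"read"}}})]}
CONNECTORS = [Connector("Gateway", {"Client", "Admin", "Server"}, READ_ONLY)]
```

The three denial reasons are deliberately distinct: a missing privilege on the subject, a connector whose policy blocks the request even though the subject is privileged (Admin writing through the read-only gateway), and a resource host that the topology simply does not reach.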
Use architecture styles to create trust-enabled, decentralized applications. A trust-enabled architectural style for decentralized systems can identify and support the common functionalities intrinsic to every peer (communication, information, trust, and application), allowing decentralized applications to be built without reinventing the wheel.
Notations
- Secure xADL - an extension to xADL that describes security properties of software architectures using XACML.
Styles/Protocols
- PACE - Practical Architectural approach for Composing Egocentric trust - An architectural style that provides comprehensive guidance on addressing many different decentralized security threats. It supports different trust models, which determine trust based on different categories of information.
Tools
- Architecture Access Control - an extension to ArchStudio 3.0 that edits, checks, and executes architectures described with access control policies.
- PACE reference architecture - used to implement decentralized auctioning, file-sharing, and common operational picture prototypes.
Ph.D. Dissertations
See Also
- Our work on Decentralized Software Architectures
- Towards An Architectural Treatment of Software Security: A Connector-Centric Approach (SESS 05)
- A Call to Action: Look Beyond the Horizon (IEEE Security & Privacy 2003)