Sciweavers

KBSE
2010
IEEE

Analyzing security architectures

13 years 11 months ago
Analyzing security architectures
We present a semi-automated approach, Secoria, for analyzing a security runtime architecture for security and for conformance to an object-oriented implementation. Typecheckable annotations describe architectural intent within the code, enabling a static analysis to extract a hierarchical object graph that soundly reflects all runtime objects and runtime relations between them. In addition, the annotations can describe modular, code-level policies. A separate analysis establishes traceability between the extracted object graph and a target architecture documented in an architecture description language. Finally, architectural types, properties, and logic predicates describe global constraints on the target architecture, which will also hold in the implementation. We validate the Secoria approach by analyzing a 3,000-line pedagogical Java implementation and a runtime architecture designed by a security expert. Categories and Subject Descriptors D.2.11 [Software Engineering]: Software ...
Marwan Abi-Antoun, Jeffrey M. Barnes
Added 29 Jan 2011
Updated 29 Jan 2011
Type Journal
Year 2010
Where KBSE
Authors Marwan Abi-Antoun, Jeffrey M. Barnes
Comments (0)