A software architecture provides a high-level description of a software solution in terms of the structure, topology, and interactions between its principal components. While a number of formal architectural description languages have been developed, a visual modeling approach seems to be more suitable for practitioners. There is also a lack of established tools or methodologies for integrating security requirements with software architectural models. Moreover, determining whether or not a given software architectural model realizes a set of security requirements remains a challenging problem. To address these issues, this paper proposes a model-based framework for architecting secure software. Specifically, we present a mapping strategy between the core elements of software architecture and a lightweight extension to the UML metamodel. We then describe how security requirements, captured in the forms of authorization and obligation security policies, can be visually integrated with t...
Ebenezer A. Oladimeji, Sam Supakkul, Lawrence Chun