This paper proposes an approach of defining systemslevel security properties of component-based composite systems. It argues that the security properties of a composite system can be viewed either from the end-users’ point of view, or from the software integrators’ point of view. End users look more for the ultimate security goals achieved in the composite system, whereas software integrators are more interested in the compositional security properties of the system in terms of the required and ensured properties. Software integrators need to know how a composite system could be assembled further as a coarse-grained component with other applications. It is equally important for the end user of the system to know the actual security objectives achieved at the systems-level.
Khaled M. Khan, Jun Han