Abstract
This paper addresses information security from a systems development point of view. It presents a prototype demonstrating how security-aware software components can be composed with other remote objects in terms of security compliance. It shows that an integration between two third-party components can be formed based on the compliance of their security requirements and assurances. With a running example, the paper attempts to demonstrate how the compliance of a component's security requirements is checked, and how a viable integration between software components is formed by matching each other's security requirements. The paper also describes the underlying architecture of the prototype.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, K.M., Tan, C. (2009). SecCom: A Prototype for Integrating Security-Aware Components. In: Yang, J., Ginige, A., Mayr, H.C., Kutsche, RD. (eds) Information Systems: Modeling, Development, and Integration. UNISCON 2009. Lecture Notes in Business Information Processing, vol 20. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01112-2_40
DOI: https://doi.org/10.1007/978-3-642-01112-2_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01111-5
Online ISBN: 978-3-642-01112-2
eBook Packages: Computer Science (R0)