Requirements Driven Multiple View Paradigm for Developing Security Architecture
Authors: K. Chandra Sekaran
Abstract:
This paper describes a paradigmatic approach to develop architecture of secure systems by describing the requirements from four different points of view: that of the owner, the administrator, the user, and the network. Deriving requirements and developing architecture implies the joint elicitation and describing the problem and the structure of the solution. The view points proposed in this paper are those we consider as requirements towards their contributions as major parties in the design, implementation, usage and maintenance of secure systems. The dramatic growth of the technology of Internet and the applications deployed in World Wide Web have lead to the situation where the security has become a very important concern in the development of secure systems. Many security approaches are currently being used in organizations. In spite of the widespread use of many different security solutions, the security remains a problem. It is argued that the approach that is described in this paper for the development of secure architecture is practical by all means. The models representing these multiple points of view are termed the requirements model (views of owner and administrator) and the operations model (views of user and network). In this paper, this multiple view paradigm is explained by first describing the specific requirements and or characteristics of secure systems (particularly in the domain of networks) and the secure architecture / system development methodology.
Keywords: Multiple view paradigms, requirements model, operations model, secure system, owner, administrator, user, network.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1078971
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1364References:
[1] Anderson, R, Why Cryptosystems Fail, Communications of the ACM, No.37, pp.32-40, 1994.
[2] F. Paterno, Model based Design and Evaluation of Interactive Applications, Springer-Verlag, 1999, ISBN 1-85233-155-0.
[3] Theus V., and Ray H., Intrusion Detection Techniques and approaches, Computer Communications, Elsevier, No.25, pp.1356-1365, 2002.
[4] ISO/IEC-15408, Common Criteria for Information Technology Security Evaluation, v2.0, National Institute of Standards & Technology, Washington, DC, June 1999.
[5] Anthony H., and Roderick C., Correctness by Construction: Developing a Commercial Secure System, IEEE Software, pp.18-25, Jan-Feb 2002.
[6] Khaled M.K., and Jun Han, Composing Security-aware Software, IEEE Software, pp.34-41, Jan-Feb 2002.