Analyzing security architectures

Abstract

We present a semi-automated approach, SECORIA, for analyzing a security runtime architecture for security and for conformance to an object-oriented implementation. Type-checkable annotations describe architectural intent within the code, enabling a static analysis to extract a hierarchical object graph that soundly reflects all runtime objects and runtime relations between them. In addition, the annotations can describe modular, code-level policies. A separate analysis establishes traceability between the extracted object graph and a target architecture documented in an architecture description language. Finally, architectural types, properties, and logic predicates describe global constraints on the target architecture, which will also hold in the implementation. We validate the SECORIA approach by analyzing a 3,000-line pedagogical Java implementation and a runtime architecture designed by a security expert.