A security characterisation framework for trustworthy component based software systems

Abstract

This paper explores how to characterize security properties of software components, and how to reason about their suitability for a trustworthy compositional contract. Our framework provides an explicit opportunity for software composers as well as software components to test a priori security properties of software components in a system composition. The proposed framework uses logic programming as a tool to represent security properties of atomic components and reason about their compositional matching with other components. This enables software components as well as composers to "test" possible matches and mismatches between the security properties of the candidate components and the security requirements of the enclosing applications systems.