软件架构设计与安全工程

2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems Pub Date : 2009-04-14 DOI:10.1109/ECBS.2009.17

Stephan Bode, Anja Fischer, Winfried E. Kühnhauser, Matthias Riebisch

{"title":"软件架构设计与安全工程","authors":"Stephan Bode, Anja Fischer, Winfried E. Kühnhauser, Matthias Riebisch","doi":"10.1109/ECBS.2009.17","DOIUrl":null,"url":null,"abstract":"Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning systems using web services to implement business processes across company boundaries.","PeriodicalId":263562,"journal":{"name":"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Software Architectural Design Meets Security Engineering\",\"authors\":\"Stephan Bode, Anja Fischer, Winfried E. Kühnhauser, Matthias Riebisch\",\"doi\":\"10.1109/ECBS.2009.17\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning systems using web services to implement business processes across company boundaries.\",\"PeriodicalId\":263562,\"journal\":{\"name\":\"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems\",\"volume\":\"59 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ECBS.2009.17\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECBS.2009.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

摘要

与其他非功能需求类似，安全性需求对复杂IT系统的体系结构设计有很大的影响。安全工程和软件工程都提供了处理这些需求的方法。然而，如何将这些独立领域的方法整合在一起仍然是一个关键的空白。在本文中，我们通过提出一种将软件工程方法与最先进的安全工程原理相结合的方法来缩小安全需求方面的差距。此方法在非功能目标、安全工程领域的原则和安全体系结构的实现之间建立了明确的一致性。该方法旨在设计一个基于小型的、精确定义的、特定于应用程序的可信计算库的系统安全架构。我们通过一个案例研究来说明这种方法，该案例研究描述了使用web服务跨公司边界实现业务流程的分布式企业资源规划系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Software Architectural Design Meets Security Engineering

Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning systems using web services to implement business processes across company boundaries.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

自引率

0.00%

发文量