Advances in the Acquisition of Secure Systems Based on Open Architectures

Scacchi, Walt; Alspaugh, Thomas A.

doi:10.21236/ada543839

Cited by 2 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…How to provide automated tools and practical techniques that provide (more) robust acceptance/compliance checking prior to a new system version being installed prior to going live in operation, seems to be an underspecified process enactment problem. Adding robust diversity mechanisms and capabilities for dramatically improving OA system security [11,17,30] remains an open question for further study. Once again, a case study can serve as a starting point for examining such issues and concerns, and this is our strategy.…”

Section: Related Research and Develop-ment Effortsmentioning

confidence: 99%

“…Security policy constraints for components, configured sub-systems, or an overall system are expressed and analyzed in a similar manner [30]. The ability to model and automatically analyze such obligations and rights is needed at build-time and release deployment-time.…”

Section: Architectural Design Processmentioning

confidence: 99%

“…In our case, we choose to incorporate virtual machines to encapsulate our OA system, and we ignore alternative security protection schemes for simplicity. However, we recognized that even a seemingly simple decision like this still requires analyzing trade-offs about whether to encapsulate the entire system as a single virtual machine (relatively easy to address during deployment, though requiring deployment and installation of virtual machine software (e.g., [38]) on the target deployment computers) or to encapsulate each different component within its own virtual machine that would then be interconnected using secure connectors (more challenging to address for deployment, but offering a more resilient OA system security [30]. We decided to design something in-between these two extremes, by taking into account where different components might be hosted within a networked, multi-server platform environment.…”

Section: Architectural Design Processmentioning

confidence: 99%

“…We decided to design something in-between these two extremes, by taking into account where different components might be hosted within a networked, multi-server platform environment. What our OA system design process produced is an abstract architectural configuration of component types (each attributed with IP license constraints-not shown but described elsewhere [1,2,30]), a minimal component interconnection scheme, and what we call a hybrid virtual machine confinement scheme, as shown in Figure 2. Given that we have so far only examined the architectural design process, we note that we are already beginning to see that we need to anticipate non-functional requirements for the other downstream software processes that follow, particularly in the form of process enactment directives or constraints.…”

Section: Architectural Design Processmentioning

confidence: 99%

“…Similarly, when the software processes for securing an OA system involve automated process enactment, it appears that compliance testing-checking whether an automated enactment produced a system configuration that is compliant with the system's security policy-will increase in importance. Such compliance is likely to be ad hoc, unless the security policy is formalized into a computational model [30] that can be cross-checked with the enactment results.…”

Section: Overall Oa Development and Evolution Process Issuesmentioning

confidence: 99%

See 4 more Smart Citations

Processes in securing open architecture software systems

Scacchi

Alspaugh

2013

Proceedings of the 2013 International Conference on Software and System Process

Self Cite

View full text Add to dashboard Cite

Our goal is to identify and understand issues that arise in the development and evolution processes for securing open architecture (OA) software systems. OA software systems are those developed with a mix of closed source and open source software components that are configured via an explicit system architectural specification. Such a specification may serve as a reference model or product line model for a family of concurrently sustained OA system versions/variants. We employ a case study focusing on an OA software system whose security must be continually sustained throughout its ongoing development and evolution. We limit our focus to software processes surrounding the architectural design, continuous integration, release deployment, and evolution found in the OA system case study. We also focus on the role automated tools, software development support mechanisms, and development practices play in facilitating or constraining these processes through the case study. Our purpose is to identify issues that impinge on modeling (specification) and integration of these processes, and how automated tools mediate these processes, as emerging research problems areas for the software process research community. Finally, our study is informed by related research found in the prescriptive versus descriptive practice of these processes and tool usage in studies of conventional and open source software development projects.

show abstract

Section: Related Research and Develop-ment Effortsmentioning

confidence: 99%

Section: Architectural Design Processmentioning

confidence: 99%

Section: Architectural Design Processmentioning

confidence: 99%

Section: Architectural Design Processmentioning

confidence: 99%

Section: Overall Oa Development and Evolution Process Issuesmentioning

confidence: 99%

See 3 more Smart Citations