Determining whether a software architecture meets its security requirements is an early step in assuring the security of the products developed from the architecture. In this paper, we propose a tool-based technique using an authorization scheme to analyze the security of software architectures. Such technique will serve as debugging support for software architectures to identify the portion in the software architecture that fails to meet the required level. Security is analyzed in terms of its aggregate attributes: availability, confidentiality, and integrity. In this paper, we address confidentiality and show that integrity is measured in a complementary manner to confidentiality. A scenario based approach is taken to analyze security in a software architecture. Our work is implemented in the OSATE environment and analyzes software architectures modeled using AADL (Architecture Analysis and Design Language).
展开▼
