Implementation-Oriented Secure Architectures

Abstract

We propose a framework for constructing secure systems at the architectural level. The framework has two parts: an implementation-oriented formalization of a system's architecture, which we call the formal implementation model, and a construction method built from elementary analysis, implementation, and synthesis steps. Using this framework, security vulnerabilities can be avoided by constraining the architecture of a system to those architectures that can be rigorously argued to implement all corresponding functional and security requirements, and no others. Furthermore, the framework enables the verification and validation of system correctness by enforcing traceability of final system components to their corresponding design, architecture, and requirement work products.
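The two properties the abstract relies on, that every requirement is implemented and that no component exists without a requirement justifying it, are exactly what a traceability check over the work products can enforce. The following is an added illustration written for this page, not code from the report or the University of Idaho group: it models work products as nodes with trace links, then checks completeness (every requirement reaches a component), minimality (every component traces back to a requirement), verification coverage for security requirements, and dangling links. The work-product kinds, the REQ-/ARCH-/COMP-/TEST- identifiers and the sample air-traffic-style system are constructed for the example and do not come from the report.

```python
"""Traceability check in the spirit of the report's framework (illustrative).

Added example, not the report's own model. Identifiers and the sample
system below are constructed for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class WorkProduct:
    wid: str
    kind: str                      # "requirement" | "architecture" | "component" | "verification"
    security: bool = False         # True for security requirements
    traces_to: set = field(default_factory=set)   # ids this product implements or verifies


def _closure(start, edges):
    """All ids reachable from `start` by following `edges` (transitively)."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def check_traceability(products):
    """Return findings; every list empty means the model is consistent.

    unimplemented: requirements that reach no component downstream
    unjustified:   components with no requirement upstream ("and no others")
    unverified:    security requirements with no verification product downstream
    dangling:      (from_id, to_id) trace links pointing at unknown ids
    """
    idx = {p.wid: p for p in products}
    down = defaultdict(set)            # id -> ids of products that trace to it
    dangling = []
    for p in products:
        for target in p.traces_to:
            if target in idx:
                down[target].add(p.wid)
            else:
                dangling.append((p.wid, target))
    up = {p.wid: {t for t in p.traces_to if t in idx} for p in products}

    def of_kind(ids, kind):
        return sorted(i for i in ids if idx[i].kind == kind)

    unimplemented, unverified, unjustified = [], [], []
    for p in products:
        if p.kind == "requirement":
            below = _closure(p.wid, down)
            if not of_kind(below, "component"):
                unimplemented.append(p.wid)
            if p.security and not of_kind(below, "verification"):
                unverified.append(p.wid)
        elif p.kind == "component":
            if not of_kind(_closure(p.wid, up), "requirement"):
                unjustified.append(p.wid)
    return {
        "unimplemented": unimplemented,
        "unjustified": unjustified,
        "unverified": unverified,
        "dangling": dangling,
    }


# Constructed sample system: two traced requirements, one untraced security
# requirement, one component nobody asked for, and one stale link.
SAMPLE_SYSTEM = [
    WorkProduct("REQ-1", "requirement", security=True),      # authenticate operators
    WorkProduct("REQ-2", "requirement"),                     # display flight data
    WorkProduct("REQ-3", "requirement", security=True),      # audit operator actions (never designed)
    WorkProduct("ARCH-AUTH", "architecture", traces_to={"REQ-1"}),
    WorkProduct("ARCH-UI", "architecture", traces_to={"REQ-2"}),
    WorkProduct("COMP-LOGIN", "component", traces_to={"ARCH-AUTH"}),
    WorkProduct("COMP-VIEW", "component", traces_to={"ARCH-UI", "ARCH-OLD"}),  # ARCH-OLD was deleted
    WorkProduct("COMP-DEBUG", "component"),                  # backdoor-style extra: no requirement
    WorkProduct("TEST-AUTH", "verification", traces_to={"COMP-LOGIN"}),
]


def demo():
    return check_traceability(SAMPLE_SYSTEM)


if __name__ == "__main__":
    for name, items in demo().items():
        print(f"{name}: {items}")
```

COMP-DEBUG is the case the abstract's "and no others" clause targets: a component that cannot be argued from any requirement is exactly where unintended behaviour (and therefore vulnerability) hides, so the check reports it even though nothing is "broken" in the traced parts of the model.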

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2006
Accession Number
ADA459080

Entities

People

  • Daniel Conte De Leon
  • Jim Alves-Foss
  • Paul W. Oman

Organizations

  • University of Idaho

Tags

Communities of Interest

  • Human Systems

DTIC Thesaurus Topics

  • Abstracts
  • Air Force Research Laboratories
  • Air Traffic
  • Artifacts
  • Authentication
  • Complex Systems
  • Computer Programming
  • Computer Programs
  • Database Management Systems
  • Domain Specific Programming Languages
  • Engineering
  • Language
  • Programming Languages
  • Software Development
  • Specifications
  • Verification
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Distributed Systems and Data Platform Development
  • Strategic Security Studies