Composing Security-Aware Software

0 7 4 0 7 4 5 9 / 0 2 / $ 1 7 . 0 0 © 2 0 0 2 I E E E benefits of software reusability. While software components have become popular, security concerns are paramount. Their composition can be considered risky because of the “plug and play” with unknown third-party components. In dynamic runtime applications for critical systems such as e-commerce and ehealth, the risk could be much higher. Component security concerns are twofold: how to build secure components and secure composite systems from components, and how to disclose components’ security properties to others. This article addresses the latter; rather than propose any new security architecture, we present a security characterization framework. Our approach concerns the security functions of software components by exposing their required and ensured security properties. Through a compositional security contract between participating components, system integrators can reason about the security effect of one component on another. A CSC is based on the degree of conformity between the required security properties of one component and the ensured security properties of another. However, whether the characterized and disclosed security properties suffice to build a secure composite system is outside the scope of this parameter. System integrators should address this concern at the time of composition.