Helping to Meet the Security Needs of Enterprises: Using FDAF to Build RBAC into Software Architectures

The vision, strategies, and goals of enterprises involve numerous security issues; these stem from legal and business concerns. For example, a financial organization, such as a bank, needs to ensure that employee and customer data are kept private and account balances for customers are not corrupted. Some of these needs may be realized in a collection of software applications such as employee payroll, employee performance review, and account reconciliation systems. The problem of effectively designing secure software systems to meet an organization’s needs is a critical part of their success. This paper focuses on the problem of how to build security into a software architecture using the Formal Design Analysis Framework (FDAF). FDAF is an aspect-oriented approach that supports the design and analysis of non-functional properties for distributed, real-time systems. Particularly, an empirical study is presented to illustrate building Role-Based Access Control (RBAC), a design aspect in FDAF aspect repository, into the architecture for an online banking system. The RBAC aspect is adapted from the well-established RBAC security pattern. The study has also demonstrated how FDAF can help meet a system’s enterprise level security requirements.