A security assurance framework for component based software development

Commercial-off-the-shelf (COTS) components are black box software products. The absence of their code precludes them from any kind of inspection of certify that the code is safe. This increases the security risk for safety-sensitive applications. The application, before interfacing with COTS component, needs an assurance that it is secure. This paper presents a framework to assure security of components for such applications. This framework uses Aspect Oriented Programming (AOP) paradigm to capture security characteristics of the components and weaves the corresponding security checks into them. It also introduces a novel verification mechanism to ensure that the COTS components are developed as per security contract.

Duke Scholars

Author Ashwinkumar Venkatanaga Machanavajjhala Computer Science