Security characterization of software components and their composition

The paper proposes a security characterization structure of software components and their composition. The structure provides a preliminary modelling of security properties of stand-alone software components and some of their compositional primitives. In this paper, we are particularly interested in security properties related to user data protection of software components. The proposed compositional specification attempts to model the resulting effect between security attributes of two contracting components. The compositional specification structure can capture the results of combined security specifications of two participating components in a contract. Our security specification syntax is based on four compositional elements: identities of contracting components, actions to be performed in a compositional relationship, security attributes supported by components, and resources to be used by other components. The structure is used in an example of secure interactions over a network to illustrate the applicability of the proposed work.