Posted on 2024-07-12, 13:33. Authored by Artem Vorobiev.
Software systems, in particular component (or service) based software systems, are becoming highly distributed and complex, involving independent collaborating components that work together towards achieving the system's goals. In current practice, a system's security features are often added after the functional requirements have been addressed. As such, these security features are not systematically designed into the system; consequently the system often has inherent design flaws and vulnerabilities that can be exploited by intruders, and companies spend much time and many resources fixing them. Meanwhile, the number of security attacks against these systems is also growing. These attacks are more sophisticated and harder to identify, analyse, correlate (i.e., find the root attack that triggers other attacks), anti-correlate (i.e., select and enforce proper countermeasures), and mitigate. Therefore, there is a strong need for a systematic software engineering approach, which we call software security engineering (SSE), for developing secure and robust component (or service) based software systems by considering security and functional requirements at the same time. To address this issue, we draw on analogies from human society and biological systems in which the "strong" protect the "weak", so that the resulting relationships, and the system as a whole, are stronger than the individual "links". We argue that through collaboration of a system's constituent components (i.e., distributed detection and defenses) there is a better chance to detect and withstand the new generation of security attacks, including multi-phased distributed attacks and various flooding distributed denial of service (DDoS) attacks.
In addition, to achieve collaborative intrusion detection and defenses in distributed environments, the system and its constituent components need a mechanism for sharing a common understanding of information about security attacks and countermeasures. Furthermore, this system should be adaptive and reconfigurable as a means of withstanding security attacks, in addition to traditional approaches such as blocking the IP addresses of the attack sources. Following these considerations, in this thesis we introduce a new architectural approach to achieving higher-level security for component (service) based software systems. It includes a reference architecture with defensive components, used as the foundation of our approach; a number of security ontologies utilised by different distributed components as a common vocabulary; and a language for describing and manipulating the system design and configurations. First, the reference architecture for managing security, called SECROBAT, supports defensive components (DCs) including intrusion detection components (IDCs), honey pot components (HCs) and key distribution components (KDCs), and adopts the pure peer-to-peer (P2P) and super-peer (S-P) structures to allow components to operate as a coalition and to be adaptive and reconfigurable in order to resist different types of security attacks. Different software applications can be developed on SECROBAT, including collaborative and distributed systems, Web service-based systems, social network systems, and online gaming systems. Second, we develop and apply security ontologies as a common vocabulary for sharing and analysing information among distributed system components such as DCs, which collaboratively identify security attacks and realise defensive measures. We adopt an ontological approach because of its flexibility, scalability, reusability, and its ability to evolve over time and to solve interoperability problems.
Several security ontologies are developed, including the security attack ontology (SAO), the security defence ontology (SDO), the security asset-vulnerability ontology (SAVO), the security algorithm-standard ontology (SASO), and the security function ontology (SFO). Third, we design the GIZKA language, based on SECROBAT and the security ontologies, for specifying dynamic software architectures, their security properties, and security attacks and defenses. It also helps the administrator manage the system at runtime. GIZKA makes the process of designing, developing, and managing software systems simple and flexible. Finally, our approach is demonstrated through a case study of an example social network system and a prototype implementation.
History
Thesis type
Thesis (PhD)
Thesis note
Submitted in fulfillment of the requirements for the degree of Doctor of Philosophy, Swinburne University of Technology, 2008.