Security Architecture

Security Architecture is one activity of the Trustworthy Systems project inside the Software Systems Research Group (SSRG).


  • Aim: Modelling and analysis of the architectures of secure systems.

    The security architecture provides a high-level design of the system, describing the main software components and their interconnections, together with the security-related properties of these components and connectors. Given such an architecture, we can analyse the system's security and determine whether it adheres to the required security policies. The key aims of this research activity are to:

    • Develop an appropriate software and security architecture modelling language.
    • Develop models of candidate (case study) systems.
    • Develop appropriate security analysis methods and tools that work on the architecture models.
    • Provide mappings from a security architecture to an implementation framework and to a formal model, to drive subsequent system implementation and system verification activities.
    • Investigate trade-offs in developing security architectures, and catalogue applicable patterns for building systems with desirable security properties.
  • Context: Within the context of the Trustworthy Systems project, the security architecture provides the highest-level representation of the system.

    This is the first step in the design of a trustworthy system and, most importantly, it defines the trusted and untrusted components in the system, and the isolation boundaries between them. Being able to perform security analyses at this level allows us to analyse the security of system designs before fully implementing and verifying the system. Furthermore, the architecture and its analysis feed into and drive subsequent steps in the overall process. In particular, it is a key input into the whole-system assurance activity, specifying the trusted and untrusted components in the system, as well as their interconnections and expected security-related properties.

    Specific links to other Trustworthy Systems activities are as follows:

  • Technical research challenges:

    • Analysing a system architecture for adherence to a specific security policy.
    • Evaluating the trade-offs (security, performance, verifiability) when designing an architecture.
    • Validating that an implemented system is a refinement of a system architecture, and managing the relationship in the face of change.
    • Formally modelling architectures by giving formal semantics to components and communication channel architectures.
    • Cataloguing patterns for secure and verifiable system architectures, and identifying classes of architectures that minimise the trusted computing base (TCB).
  • Contact: Ihor Kuz, ihor.kuz<at>nicta.com.au
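To make the kind of analysis described above concrete, here is an added toy example (not the project's own modelling language or tools): a small architecture model of components labelled trusted or untrusted, connected by directed channels, on which we check an information-flow policy and compute the TCB of one component. The component names, the policy and the TCB rule (tracing stops at trusted components) are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample architecture (not from the project): component -> trusted?
COMPONENTS = {"network_driver": False, "tcp_stack": False,
              "filter": True,   # trusted mediator that sanitises network input
              "app": True, "crypto": True}
# Directed communication channels: data flows from the first to the second.
CHANNELS = [("network_driver", "tcp_stack"), ("tcp_stack", "filter"),
            ("filter", "app"), ("crypto", "app"),
            ("app", "network_driver")]   # app's (encrypted) output goes out

def reachable(src, channels, stop=frozenset()):
    """Components reachable from src along channels. Members of `stop` are
    reported but not traversed beyond; src itself is excluded."""
    adj = {}
    for s, d in channels:
        adj.setdefault(s, set()).add(d)
    seen, todo = {src}, deque([src])
    while todo:
        for nxt in adj.get(todo.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                if nxt not in stop:
                    todo.append(nxt)
    return seen - {src}

def policy_violations(components, channels, mediators=frozenset()):
    """Policy: data from an untrusted component may reach a trusted one only
    via a trusted mediator. Returns the offending (source, target) pairs."""
    violations = []
    for src, trusted in components.items():
        if not trusted:
            for dst in reachable(src, channels, stop=mediators):
                if components[dst] and dst not in mediators:
                    violations.append((src, dst))
    return sorted(violations)

def tcb(component, components, channels):
    """Toy TCB: components whose output reaches `component` (reverse flow).
    Modelling assumption: a trusted component behaves correctly whatever its
    inputs, so tracing stops there (it is in the TCB, its upstream is not)."""
    trusted = {c for c, t in components.items() if t}
    reverse = [(dst, src) for src, dst in channels]
    return reachable(component, reverse, stop=trusted)
```

Marking `filter` as untrusted (or dropping it as a mediator) makes the whole network path part of `app`'s TCB, which is the trade-off between trust placement and TCB size the activity studies.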

