Formal security analysis for software architecture design: An expressive framework to emerging architectural styles

https://doi.org/10.1016/j.scico.2021.102631

Highlights

  • Emerging technologies utilised in software systems may pose security threats.

  • Our approach helps to identify security characteristics at the architectural level.

  • Our approach applies metrics to measure security and trace attack scenarios.

  • The insightful results allow tracing the design to identify the impacts of attacks.

  • Our approach is expressive to define other security metrics and architecture styles.

Abstract

Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find the parts of the system that may be impacted by attacks. We have developed an analysis tool that allows users to seamlessly model the software architecture design and analyse its security. An evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well in analysing the security of an architectural design.

Introduction

Security is an important non-functional requirement that software architects need to consider when they design their systems. Many security flaws can be identified by performing analysis at different stages of the software development process [1]. At the design phase, security analysis can be conducted using software architecture design models. After a system has been implemented, vulnerability analysis can be conducted through penetration testing to reveal security flaws in the system implementation. Security analysis at the architectural level is essential as it helps to prevent security flaws from being propagated to the implementation. Architectural-level security flaws constitute 50% of the total reported vulnerabilities in system implementations [2]. If we can minimise security flaws at the architecture design phase, less effort would be required to fix them later in the implementation.

As emerging technologies, such as blockchain, microservices and containerization, have been intensively utilised in modern software systems, new architectural styles have been proposed to support them [3], [4]. These architectural styles have specific structures and behaviours that require specialised knowledge of the technologies in order to analyse them [5]. Security analysis has, therefore, become more complex. Moreover, the design of a software system often evolves when new technologies and styles become available. Hence, the analysis approach must be flexible enough to support new technologies and styles.

Even though a number of works have been proposed to support security analysis at the architectural level, as we discuss in Section 7, they still have limitations. First, existing approaches focus either on evaluating security metrics relating to the design or on tracing attack scenarios. Both tasks are significant in analysing the security measures of a software system. The analysis approach should be able to measure the overall security of a software system to support trade-off analysis. Also, when security flaws are identified, software engineers need to be able to trace how they can be attacked by adversaries and identify which components would be impacted. Second, most of the analysis approaches are not extensible to support new security metrics or scenarios, because the analysis logic is often hard-coded in the analysis tool. Third, many analysis approaches have been proposed for a particular architectural style and technology. There is a lack of analysis approaches that are flexible enough to support arbitrary architectural styles.

This paper presents an automated security analysis approach for software architecture design. Our approach supports architectural security analysis based on a formal representation of security characteristics representing metrics, security, vulnerability and attack scenarios. The analysis process is based on ontology reasoning and model checking techniques. Our approach can be used to measure the overall security of a software system and give an insightful result that helps to trace how attacks can occur. This paper extends our previous work published in [6] and [7], which presented the concept of the approach for analysing security in specific architectural styles. This paper focuses on a generic approach that can be applied to support security analysis of any architectural style whose semantic structure and interactive behaviour can be formally described. We provide a guideline for how our technique can analyse other security vulnerabilities not addressed in this paper. Architectural patterns can be formally specified for an architectural style using the modelling presented in this paper. This paper also includes the implementation details of the tools and the evaluation of our approach on real-world systems. The contributions of this paper are summarised as follows:

  1. Formal modelling of software architecture design is proposed to describe the structural and behavioural aspects of software architecture design.

  2. A set of formal descriptions of security characteristics is presented and used to identify security vulnerabilities, metrics and scenarios. A guideline is provided to define other security characteristics not addressed in this work.

  3. A set of formal descriptions for architectural styles is presented. This set provides structural and behavioural details of architectural styles to serve security analysis. The semantics supporting the formal descriptions are expressive enough to define other architectural styles in a similar way.

  4. An analysis tool has been developed to seamlessly support modelling, verifying and tracing security at the architectural design level.

  5. We have evaluated the accuracy and performance of our security analysis approach with six software systems. The results prove that our approach is efficient and effective in supporting architecture security analysis.

The rest of this paper is organised as follows. Section 2 presents the principles and concepts used in our approach. Section 3 explains the motivation for our approach. Section 4 presents how to formally define architecture designs and security characteristics. The implementation of the tools that support our approach is presented in Section 5. Section 6 presents our evaluation. Section 7 discusses related work in comparison to our approach. This paper concludes in Section 8, where future research directions are also discussed.

Section snippets

Ontology Web Language

Web Ontology Language is the standard ontology language proposed by the World Wide Web Consortium (W3C) to describe an ontology model, which aims to capture the structure of knowledge in a domain. OWL includes a set of standard operators, such as intersection, union and negation, to logically support the definition of a model. OWL supports class hierarchies, similar to Object-Oriented Programming (OOP). An ontology class can be inherited from another class. This inheritance can be used to form a

Security in emerging architectural styles

As emerging architectural styles have been applied in modern software systems, this section presents prominent emerging architectural styles and their security challenges. These challenges motivate the need for an automated approach to support security analysis.

Formal security modelling and analysis

This section presents a framework that supports analysing security at the architectural design level. The overall process can be seen in Fig. 2. First, the architecture design is formally modelled based on architectural patterns. These patterns support the design according to architectural styles. The model of architecture design can be created by a provided modeller tool. This tool allows us to automatically format the model into Ontology Web Language (OWL) and Architecture Description
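The OWL section above describes class hierarchies and the intersection/union/negation operators, and this section describes formally modelling a design and reasoning over it to detect security characteristics and trace impacted components. The following is an added illustration of that idea in plain Python, not the paper's Arch Modeller tool or its OWL/ADL models; the component-and-connector design, the class names, and the `UNAUTH_INGRESS` characteristic are constructed assumptions for the example.

```python
"""Added illustration (not the paper's tool): OWL-style class expressions
(subclass inheritance, intersection, negation, existential restriction)
evaluated over a small constructed component-and-connector design, a
hypothetical security characteristic, and attack-scenario tracing of the
components that are indirectly impacted from a flagged component."""
from collections import deque

# Constructed sample design: component -> asserted ontology classes.
COMPONENTS = {
    "Gateway":  {"Microservice", "ExternalFacing"},
    "Orders":   {"Microservice"},
    "Payments": {"Microservice"},
    "Ledger":   {"Microservice"},
    "Audit":    {"Microservice"},
}
# Directed connectors: (source, target, connector class). Constructed sample.
CONNECTORS = [
    ("Gateway", "Orders", "AuthenticatedCall"),
    ("Gateway", "Payments", "PlainCall"),   # hypothetical unauthenticated path
    ("Payments", "Ledger", "PlainCall"),
    ("Orders", "Audit", "PlainCall"),
]
SUBCLASS = {"Microservice": "Component"}  # class hierarchy (OWL subClassOf)

def classes_of(c):
    """Asserted classes plus every inherited superclass."""
    out = set(COMPONENTS[c])
    for k in list(out):
        while k in SUBCLASS:
            k = SUBCLASS[k]
            out.add(k)
    return out

# Class-expression constructors; each returns a predicate over an individual.
def atom(name):  return lambda c: name in classes_of(c)
def AND(*es):    return lambda c: all(e(c) for e in es)          # intersection
def NOT(e):      return lambda c: not e(c)                       # negation
def SOME_INCOMING(conn_cls, e):  # exists a conn_cls connector from a member of e
    return lambda c: any(t == c and k == conn_cls and e(s) for s, t, k in CONNECTORS)

# Hypothetical characteristic (assumption, not from the paper): a non-public
# component reached over an unauthenticated connector from a public-facing one.
UNAUTH_INGRESS = AND(atom("Component"), NOT(atom("ExternalFacing")),
                     SOME_INCOMING("PlainCall", atom("ExternalFacing")))

def detect(expr):
    """Classify every component against a security characteristic."""
    return sorted(c for c in COMPONENTS if expr(c))

def attack_scenario(start):
    """Follow connectors outward from a flagged component: returns each
    indirectly impacted component with the path by which it is reached."""
    seen, queue = {start: [start]}, deque([start])
    while queue:
        s = queue.popleft()
        for src, tgt, _ in CONNECTORS:
            if src == s and tgt not in seen:
                seen[tgt] = seen[s] + [tgt]
                queue.append(tgt)
    return {t: p for t, p in seen.items() if t != start}

def impact_ratio(flagged):
    """Simple metric: share of components directly or indirectly impacted."""
    hit = set(flagged) | {t for f in flagged for t in attack_scenario(f)}
    return len(hit) / len(COMPONENTS)
```

Running `detect(UNAUTH_INGRESS)` flags only Payments, and `attack_scenario("Payments")` then shows Ledger as indirectly impacted via the Payments to Ledger connector, the kind of trace the evaluation's RQ3 asks about.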

Tool implementation

This section presents the implementation of the tool to support formal security analysis. We have implemented our formal approach as a software framework to support modelling and analysing the architectural design. This software framework consists of several components, as shown in Fig. 8.

Arch Modeller is implemented as a graphical user interface tool to support modelling of the architecture design and performing security analysis. This tool

Evaluation

This evaluation aims to answer the following research questions:

  • RQ1: How complete and sound is the detection according to the set of formally defined security characteristics?

  • RQ2: What are the factors that impact the computational performance of the detection process?

  • RQ3: How effective are the generated scenarios in identifying the components that are indirectly impacted by the attacks?

  • RQ4: What are the factors that impact the computational performance of attack scenarios generation?

Related work

This section discusses related work. We begin by discussing methods and techniques that have been proposed to analyse security at the level of software architecture design. We then discuss work that focuses on analysing security in systems that utilise microservice and blockchain technology.

Gennari and Garlan [39] proposed an extension to ACME Studio to support attack surface analysis in the C&C view of architecture design. Although this approach can help to reduce security flaws at design

Conclusion

In this paper, a framework is introduced to support analysing security during the software architecture design phase of software development. Our approach can automatically identify security vulnerabilities and provide insightful results that show how attacks may occur. We have evaluated the accuracy of our approach and the performance of the automated analysis process, and the results demonstrate that our approach can efficiently provide accurate results to support the analysis. With the

CRediT authorship contribution statement

Nacha Chondamrongkul: Conceptualization, Methodology, Software, Validation, Writing – review & editing. Jing Sun: Supervision, Validation, Writing – review & editing. Ian Warren: Supervision, Validation, Writing – review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

  • L. Grunske et al., Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, J. Syst. Softw. (2008)
  • W.D. Yu et al., Towards a secure software development lifecycle with SQUARE+R
  • G. McGraw, Software Security: Building Security In (2006)
  • D. Taibi et al., Architectural patterns for microservices: a systematic mapping study
  • X. Xu et al., The Blockchain as a Software Connector (2016)
  • D. Seifert et al., A security analysis of cyber-physical systems architecture for healthcare, Computers (2016)
  • N. Chondamrongkul et al., Automated security analysis for microservice architecture
  • N. Chondamrongkul et al., Formal security analysis for blockchain-based software architecture
  • N. Chondamrongkul et al., PAT approach to architecture behavioural verification
  • N. Dragoni et al., Microservices: Yesterday, Today, and Tomorrow (2017)
  • M. Richards, Software Architecture Patterns (2015)
  • I. Nadareishvili et al., Microservice Architecture: Aligning Principles, Practices, and Culture (2016)
  • H. Kang et al., Container and microservice driven design for cloud infrastructure DevOps
  • R. Heinrich et al., Performance engineering for microservices: research challenges and directions
  • W. Lloyd et al., Serverless computing: an investigation of factors influencing microservice performance
  • P.D. Francesco et al., Architecting with microservices: a systematic mapping study, J. Syst. Softw. (2019)
  • B. Christudas, Axon for CQRS Architecture (2019)
  • S. Millett et al., Patterns, Principles, and Practices of Domain-Driven (2015)
  • X. Xu et al., Blockchain in Software Architecture (2019)
  • X. Xu et al., A pattern collection for blockchain-based applications
  • P. Nkomo et al., Software development activities for secure microservices
  • D. Yu et al., A survey on security issues in services communication of microservices-enabled fog applications, Concurr. Comput., Pract. Exp. (2019)
  • N. Sakimura et al., OpenID Connect Core 1.0
  • T. Yarygina et al., Overcoming security challenges in microservice architectures
  • N. Chondamrongkul et al., Ontology-based software architectural pattern recognition and reasoning
  • G. Antoniou et al., Web Ontology Language: OWL
  • P.B. Kruchten, The 4+1 view model of architecture, IEEE Softw. (1995)
  • C.A.R. Hoare, Communicating sequential processes, Commun. ACM (1978)