Security Characterisation and Integrity Assurance for Software Components and Component-Based Systems

Software systems are increasingly assembled from components that are developed by and purchased from third parties for technical and economic gains In such component based software development the functionality and quality of service attributes of the soft ware components should be clearly and adequately speci ed or packaged through their interfaces so that the characteristics of the systems assembled from the components can be analysed relative to the system requirements In this paper we consider one particular quality of service attribute i e security and outline an approach to specifying the security characteristics of software components and analysing the security properties of component based systems in terms of their component characteristics and system architec tures The approach is partially based on the Common Criteria for Information Technology Security Evaluation In addition we also introduce our work on ensuring the integrity of software components as part of the infrastructural support for component based software engineering