Enforcing Conformance between Security Architecture and Implementation

摘要

Analysis at the level of a runtime architecture matches the way experts reason about security or privacy better than a purely code-based strategy. However, the architecture must still be correctly realized in the implementation. The authors previously developed SCHOLIA to analyze, at compile time, communication integrity between arbitrary object-oriented code and a rich, hierarchical intended runtime architecture using type-checkable annotations. This paper applies SCHOLIA to security runtime architectures. Having established traceability between the target architecture and the code, they extend SCHOLIA to enforce structural architectural constraints. At the code level, annotations enforce local, modular constraints. At the architectural level, predicates enforce global constraints. They validate the end-to-end approach in practice using a real 3,000-line Java implementation, and enforce its conformance to a security architecture designed by an expert. This paper's contributions are the following: (1) An application of SCHOLIA to analyze conformance between a Java implementation and a security runtime architecture, entirely statically and using annotations; (2) An illustration of enforcing constraints at the code level and architecturally; and (3) A validation using a real 3,000-line Java implementation of a security architecture designed by an expert.