Publication Citation: A Multi-Faceted Approach for Development of Security Architectures for Application Systems


Author(s): Ramaswamy Chandramouli;
Title: A Multi-Faceted Approach for Development of Security Architectures for Application Systems
Published: March 01, 2002
Abstract: Secure application systems are often built using the Software Architecture of the system as a blueprint. The Software Architecture of any application system contains, along with other functional requirements, the security service requirements for the various constituent components. However, for continued maintenance of the security worthiness of the application and for facilitating security re-evaluations and certifications, a separate security architecture definition for an application is also required. In this paper we describe a methodology for developing and maintaining a security-focused architecture for any application system. We have termed this architecture as the Functional Security Architectures (FSA) and the methodology as MDFSA (the acronym standing for Methodology for Development of Functional Security Architecture). FSA provides security service definitions for the various components in the Software Architecture based on abstract models. MDFSA employs a multi-faceted approach for developing the FSA: Business Process Analysis, Abstract Models of Protection & Security Service definition, Information Security Architecture, Structured Security Specification frameworks (e.g. ISO/IEC 15408 Protection Profiles/Security Target) etc. The MDFSA methodology is illustrated by using an Admissions Discharge and Transfer System, a key healthcare IT application system.
Conference: International Systems Security Engineering Conference
Proceedings: Third Annual International Systems Security Engineering Association Conference
Location: Orlando, FL
Dates: March 13-15, 2002
Keywords: information domains, information security architecture, security services, software security architecture
Research Areas: