Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Multi-Faceted Approach for Development of Security Architectures for Application Systems



Ramaswamy Chandramouli


Secure application systems are often built using the Software Architecture of the system as a blue print. The Software Architecture of any application system contains along with other functional requirements, the security service requirements for the various constituent components. However for continued maintenance of the security worthiness of the application and for facilitating security re-evaluations and certifications, a separate security architecture definition for an application is also required. In this paper we describe a methodology for developing and maintaining a security-focused architecture for any application system. We have termed this architecture as the Functional Security Architectures (FSA) and the methodology as MDFSA (the acronym standing for Methodology for Development of Functional Security Architecture). FSA provides security service definitions for the various components in the Software Architecture based on abstract models. MDFSA employs a multi-faceted approach for developing the FSA ¿ Business Process Analysis, Abstract Models of Protection & Security Service definition, Information Security Architecture, Structured Security Specification frameworks (e.g. ISO/IEC 15408 Protection Profiles/Security Target) etc. The MDFSA methodology is illustrated by using an Admissions Discharge and Transfer System, a key healthcare IT application system.
Proceedings Title
Third Annual International Systems Security Engineering Association Conference
Conference Dates
March 13-15, 2002
Conference Location
Orlando, FL
Conference Title
International Systems Security Engineering Conference


information domains, information security architecture, security services, software security architecture


Chandramouli, R. (2002), A Multi-Faceted Approach for Development of Security Architectures for Application Systems, Third Annual International Systems Security Engineering Association Conference, Orlando, FL (Accessed April 16, 2024)
Created March 1, 2002, Updated February 17, 2017