Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 18 / Issue 20

available in:   PDF (591 kB) PS (752 kB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-018-20-2920


Engineering Security into Distributed Systems: A Survey of Methodologies

Anton V. Uzunov (University of Adelaide, Australia)

Eduardo B. Fernandez (Florida Atlantic University, USA)

Katrina Falkner (University of Adelaide, Australia)

Abstract: Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state-of-the-art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.

Keywords: computer security, distributed systems, model driven security, model-based development, secure software architectures, secure software engineering, security engineering, security methodologies, security patterns, survey

Categories: C.2.0, C.2.4, D.2.0, D.2.1, D.2.2, D.4.6, K.6.5, L.4