Modeling of distributed systems focusing on IT security aspects
Publish date: 2002-01-01
Report number: FOI-R--0712--SE
Written in: English
The appearance of widely distributed systems providing services and information critical to both organizations and individuals creates new challenges for systems and security engineers. While adequate solutions to the unavoidable security issues have to be designed and implemented, the systems are increasingly difficult to comprehend and assess. Efficient design frameworks and modeling techniques are therefore crucial for the development of future systems. Since no distributed information system can be designed to be secure, but a design can include the prerequisites necessary for the system to be secured during operation, the aim is design for securability. To achieve design for securability, three steps have to be supported in the design of distributed systems. First, the interactions and relations between the system and its environment have to be captured. Second, a set of security requirements on the system has to be formulated. Third, the set of requirements has to be implemented in the system. This report focuses on the third step, which requires system models and design methods and tools. In particular, efforts regarding the identification of security-relevant characteristics and the formulation of adequate modeling techniques are presented. The long-term goal is to build an environment suitable for modeling, simulation, and assessment of security architectures.