This paper attempts to propose a scheme to characterize non-functional security properties that are embedded with the functionality of software components. The security properties are attached with various aspects of a component such as resource allocation, user data protection, communication, and so on.In this paper, we are particularly interested in characterizing the user data protection of software components. It is often reported that software components usually suffer from security and reliability problems. It is now widely recognized that characterization of security properties of software component is an important issue to boost the confidence and trust on component technology.To address this issue, the characterization of security properties of component is the first challenging step. The work proposed in this paper is partially based on the functional requirements defined in Common Criteria for information Technology Security Evaluation endorsed by NIST. The applicability of the proposed scheme is demonstrated with a simple example.
Proceedings of the 2000 Australian Software Engineering Conference, Gold Coast, Queensland, Australia, 28-29 April 2000 / Douglas D. Grant (ed.),