This work presents an implementation strategy which exploits the separation of concerns and reuse in a multi-tier architecture to improve the security (availability, integrity, and confidentiality) level of an existing application. Functional properties are guaranteed via wrapping of the existing software modules. Security mechanisms are handled by the business logic of the middle-tier: availability and integrity are achieved via replication of the functional modules and the confidentiality is obtained via cryptography. The technique is presented with regard to a case study application. We believe that our experience can be used as a guideline for software practitioners to solve similar problems. We thus describe the conceptual model behind the architecture, discuss implementation issues, and present technical solutions. © 2003 Elsevier Science B.V. All rights reserved.

An architecture for security-oriented perfective maintenance of legacy software / M. A., Romano; Cotroneo, Domenico; Mazzeo, Antonino; L., Romano; S., Russo. - In: INFORMATION AND SOFTWARE TECHNOLOGY. - ISSN 0950-5849. - STAMPA. - 45:(2003), pp. 619-631. [10.1016/S0950-5849(03)00049-1]

An architecture for security-oriented perfective maintenance of legacy software

COTRONEO, DOMENICO;MAZZEO, ANTONINO;
2003

Abstract

This work presents an implementation strategy which exploits the separation of concerns and reuse in a multi-tier architecture to improve the security (availability, integrity, and confidentiality) level of an existing application. Functional properties are guaranteed via wrapping of the existing software modules. Security mechanisms are handled by the business logic of the middle-tier: availability and integrity are achieved via replication of the functional modules and the confidentiality is obtained via cryptography. The technique is presented with regard to a case study application. We believe that our experience can be used as a guideline for software practitioners to solve similar problems. We thus describe the conceptual model behind the architecture, discuss implementation issues, and present technical solutions. © 2003 Elsevier Science B.V. All rights reserved.
2003
An architecture for security-oriented perfective maintenance of legacy software / M. A., Romano; Cotroneo, Domenico; Mazzeo, Antonino; L., Romano; S., Russo. - In: INFORMATION AND SOFTWARE TECHNOLOGY. - ISSN 0950-5849. - STAMPA. - 45:(2003), pp. 619-631. [10.1016/S0950-5849(03)00049-1]
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/469589
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact