SecCom: A prototype for integrating security-aware components

Abstract

This paper addresses information security from systems development point of view. This paper presents a prototype demonstrating how security-aware software components can be composed with other remote objects in terms of security compliances. It shows that the integration between two third-party components can be formed based on the compliance of their security requirements and assurances. With a running example, the paper attempts to demonstrate how the compliance of security requirements of a component is checked, and how a viable integration between software components is formed matching the security requirements of each other. The paper also describes the underlying architecture of the prototype.