Efficiently managing security concerns in component based system design

Component-based software development (CBSD) offers many advantages like reduced product time to market, reduced complexity and cost etc. Despite these advantages its wide scale utilization in developing security critical systems is currently hampered because of lack, of suitable design techniques to efficiently manage the complete system security concerns in the development process. The use of commercial of the shelf (COTS) components can introduce various security and reliability risks in the system. In this paper we propose a methodology for efficient management of all the system security concerns involved in the design of component based systems. Our methodology is based on formally representing the system security specifications and component capabilities. We identify the metrics for correlating both and suggest extensions to a previously proposed software development process, for selection of suitable components and integration mechanisms. The proposed solution ensures due treatment of all the security concerns for the complete system in the acquisition efforts.