My research interest centers on pragmatic software development, with an emphasis on infrastructure and architecture support for secure, large-scale, and heterogeneous software. Specifically, I am interested in how to achieve a secure software architecture in architecture-driven, component-based, message-oriented software development.

Secure Software Architecture, July 2003--December 2005

This research explores notations, techniques and tools to support the design and security analysis of component-based software. The insights are that a secure software architecture methodology advances the state of the art in secure software design and analysis, and that a first-class connector facilitates expressing, constructing, integrating, enforcing, reusing and evolving security properties among heterogeneous components.

This research on secure software architecture focuses on architectural access control. It is based on a secure software architecture description language, Secure xADL, which adds a set of security extensions to the xADL architecture description language. The proposed extensions model the core security concepts: subject, principal, permission, resource, privilege, safeguard, and policy. These extensions make it possible to support different access control models in a software architectural environment. Four types of context for architectural access control are also identified: 1) the nearby constituents of components and connectors, 2) the types of components and connectors, 3) the containing sub-architecture, and 4) the global architecture. The language is supported by usable design, analysis and execution tools. Together, the language and its tools help software architects adopt this methodology for designing and analyzing secure software architectures.

The contributions of this research include:

Event-based Security Visualization, April 2004--September 2005

The Swirl project investigates how usable security can be achieved by visualizing security-relevant events delivered by the messaging infrastructure. The research hypotheses are as follows. First, traditional security mechanisms must be used in a user-centered context to provide effective security for users. Second, users make security-related decisions within a context, and different contexts require different degrees of security. Third, users' perception of the context can be aided by visualizing security-related events that come from heterogeneous sources. Finally, security-related perceptions and decisions should be well integrated with users' main tasks.

The Impromptu file sharing application is the test bed for these hypotheses. A description of its secure architecture design can be found here. The security goals of Impromptu are to make security visible and to ease security configuration. A first prototype is available here. It uses a secure WebDAV connector that employs an IP address-based authentication scheme and a method-based authorization mechanism. A rearchitected version is under development; it uses standard web.xml deployment descriptor authorization and WebDAV ACL authorization.
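To illustrate the method-based authorization that a web.xml deployment descriptor provides for a WebDAV share, here is an added example; it is not Impromptu's own descriptor, and the URL pattern, role names and login method are assumptions. It relies on the Servlet rule that, when several constraints match the same URL and method, the permitted roles are the union of their auth-constraints; a constraint with no http-method listed covers every method, including WebDAV ones such as PROPPATCH, MKCOL and LOCK.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Catch-all constraint (assumed URL pattern): no <http-method> means it
       applies to EVERY method, so write-type WebDAV methods such as PUT,
       DELETE, PROPPATCH, MKCOL, MOVE, COPY and LOCK require the editor role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Impromptu share (all methods)</web-resource-name>
      <url-pattern>/dav/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>editor</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Read-only constraint: listing only the read methods here widens access
       for those methods to the reader role (roles are unioned per method),
       while leaving all other methods restricted to editor by the constraint
       above. Listing methods without a catch-all would leave the unlisted
       methods unprotected. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Impromptu share (read methods)</web-resource-name>
      <url-pattern>/dav/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>PROPFIND</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reader</role-name>
      <role-name>editor</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>   <!-- assumed; combined with CONFIDENTIAL above -->
    <realm-name>impromptu</realm-name>
  </login-config>

  <security-role><role-name>reader</role-name></security-role>
  <security-role><role-name>editor</role-name></security-role>
</web-app>
```

The per-resource WebDAV ACL authorization mentioned above then applies a second, finer-grained check inside the set of methods the container has already permitted.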

Bridge between procedure call and message passing, August 2002--June 2003

The aim of this project is to design a bridge that seamlessly integrates two software communication paradigms, procedure call and message passing, so that a component written for one paradigm can use its native communication style to interoperate with a component written for the other. A library that bridges COM and ArchStudio 3 has been developed as a proof of concept. Here is its description.

Visio Editor for C2/xADL, July 2000--October 2001

Visio Editor for C2/xADL is a graphical front end for ArchStudio 3. It can be used to create and visualize xADL 2.0 documents graphically, with special support for the C2 architecture style. It is based on Microsoft Visio. Here is some background information and a short talk about it.