University of Calgary
The development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of both open source and closed software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configuration. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. The authors are developing an approach for understanding and modeling software security requirements as \"Security licenses\", as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment.