System design is a synthesis-type activity: it creates (designs) a new system. Secure system design incorporates security mechanisms as an integral part of the system components. The phrase system design can also refer to the product of system design, so the word design is used for both a process and a product. Design as a process decides the components and the best possible interconnections between them to solve a problem, i.e., to support the requirements specification.
Design as Product
Design as a product, i.e., the design specification that is the output of the design process, includes:
- User Experience (i.e., Interface) Logic Component Design
- Application Business Logic Component Design
- Database Logic Component Design
- Telecommunication (i.e., API) Logic Component Design
- Test Specification Plan
- Standards Manual
- Implementation Plan
Figure 1 shows an overall system architecture as the design product. It has four major components—Secure Business Logic, Secure User Experience Logic, Secure Database Logic, and Secure API Logic components. The Secure Database Logic component contains software objects to communicate with and maintain the database on a database server; it may include persistence objects. The Secure User Experience Logic component contains presentation and presentation logic objects. The presentation objects are the objects a user sees on a screen or display, such as web pages, toolbars, and menus. The presentation logic contains software objects that create and manipulate the presentation objects. The Secure Business Logic includes control objects and domain objects. Control objects typically orchestrate domain objects and presentation logic objects as per the user's request. The Secure API Logic contains software objects to interact with a third-party system. Figure 1 shows the major dependencies between the components using the <<use>> relationship. For example, the Secure Business Logic component depends upon the Secure User Experience Logic, Secure Database Logic, and Secure API Logic components. Design as a process consists of several activities that produce the various design artifacts (i.e., the product) mentioned above.
Figure 1. A typical system architecture showing the major components.
System Design Process
Figure 2 shows the flow from the analysis activities (i.e., phase) to the design activities (i.e., phase). The requirements specification is the major input to the design phase. The design phase creates various models and documents that record the design of the various components (parts) of the system to be built.
Figure 2. Diagram showing the analysis and design phases and their outputs.
The design process consists of several activities. These design activities correspond to the creation of various parts (components) of the system. These activities include:
- Ascertain the design environment given the requirements specification.
- Design the secure user experience logic component.
- Design the secure database logic component.
- Design the secure communication/Internet access logic component.
- Design the secure business application logic component.
- Specify the implementation plan.
Figure 1 shows the major architectural components mentioned above.
System Design Objective
The objective of system design is to produce a quality system. The quality of a system can be defined as the degree to which the system achieves its purpose effectively and securely. The quality of a system depends upon several factors, such as a correct requirements specification and a good design. In a nutshell, a good design produces a secure system that is cheaper to build, maintain, and modify. The characteristics (i.e., attributes) of a quality system are enumerated below.
- Correctness
- Maintainability
- Modifiability
- Efficiency
- Understandability
- Reliability
- Flexibility
- Generality
- Utility
- Adaptability
- Resilience
We define these characteristics below.
Correctness
The correctness attribute refers to the degree to which a system performs correctly as per the requirements specification. In other words, correctness refers to the degree to which the system correctly fulfils its functional and non-functional requirements.
Maintainability
Maintainability implies fixing the lurking bugs in the system. It refers to the ability to fix bugs and make minor changes to the system easily. The maintainability attribute refers to the degree to which a system is maintainable. A quality system is easy to maintain.
Modifiability
Modifiability implies a controlled change, in which some components are altered to add/enhance some features while other components remain the same. Modifiability and maintainability attributes go hand in hand.
Efficiency
The efficiency of a system is generally measured by the ratio of its outputs to the resources used to produce those outputs. Other things being equal, the maintainability and modifiability attributes should take precedence over the efficiency attribute.
Understandability
Understandability influences almost all the other characteristics of a quality system. For example, it has a direct influence on maintainability, modifiability, reliability, and utility. There are at least three audiences of a system’s understandability—user, management, and technical. Users should be able to comprehend the functionality, navigability, and the suitability of the system. The management audience should be able to comprehend the usability and the capability of the system. The technical audience should be able to comprehend the system’s architecture, source code, and configuration.
Reliability
Reliability relates to the ability of a system to operate failure-free and consistently. Reliability is typically measured by mean time between failures (MTBF). A consistent operation of a system is one in which the system produces the same output for a given input. A quality design plays a crucial role in developing a reliable system. Reliability must be built in from the start; it cannot be achieved as an afterthought.
Flexibility
Flexibility is the ability of a system to deal with changes in the requirements and to interact with users in multiple ways. Thus, a system is flexible if it can be easily changed to support minor variations in tasks, and if it allows a user to interact in multiple ways to accomplish the same task. Flexibility is the opposite of rigidity. A system's flexibility can be increased by designing loosely coupled parts (i.e., components or modules).
Generality
Generality is the ability of a system to solve similar tasks within a theme. For example, a general ledger system that supports the accounting activities of several countries is more general than a system that supports only one country. Another example of a general system is a sorting system that can sort numbers as well as alphanumeric values, not just integers.
Utility
The utility of a system relates to its usability and relevance. No matter how well a system is designed, it is of no use if it is not useful to, and easy to use by, its users.
Adaptability
Adaptability relates to the ability of a system to adjust to changing environments/requirements.
Resilience
Resilience relates to the ability of a system to deal with failures and to recover from their impacts. A resilient system has mechanisms to anticipate and cope with changing conditions and adapt to the changes in its environment. So, a resilient system is also an adaptive system.
The above characteristics of a system can be enhanced by following a set of well-established design principles. A principle is a rule or idea that guides system design. These design principles are empirical, derived mainly from developers' experience.
System Design Principles
We discuss the following design principles briefly.
- Modularity
- Abstraction
- Localization
- Hiding
- Uniformity
- Confirmability
- Completeness
- Reusability
- Humanization
- Self-adaptation
Modularity
The modularity principle guides the structure of a system. Modularity deals with properties of hierarchical system structures. It helps in structuring a system in such a way that the attainment of the system’s purpose is easier. Modularity helps in achieving maintainability, modifiability, reliability, and efficiency.
The modularity principle guides the choice of appropriate components and of the interactions between them, so that the system is resilient and easier to maintain and modify.
Abstraction
The essence of abstraction is to extract essential properties while omitting inessential details. Like modularity, abstraction is a very pervasive principle. A hierarchical decomposition in the form of “levels” shows abstraction in the clearest form. Each level of the decomposition presents an abstract view of the lower levels purely in the sense that details are subordinated to the lower levels. Abstraction interacts very strongly with the principle of modularity.
It helps bring in understandability in a system. It also aids in modifiability and maintainability.
Localization
The localization principle is concerned with physical proximity of things. Related things must be brought together all in one place. Thus, localization deals with physical interfaces, textual sequences, memory, etc. Subroutines, arrays, logical and physical records are examples of localization.
It enhances understandability.
Hiding
Hiding is concerned with defining and enforcing access constraints among different modules (components) of a system.
It helps maintainability and modifiability.
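The following is an added example, not code from the page, that puts the Figure 1 architecture and the hiding principle together in Python. It wires a Secure Database Logic component (a persistence object that hides its connection), a Secure User Experience Logic component (a presentation logic object), and a Secure Business Logic component (a domain object plus a control object that orchestrates the other two), so the <<use>> dependencies run only from the control object downward. The account table, the withdraw operation and the sample data are all constructed for the demo; sqlite3 is used in memory so it runs offline.

```python
"""Layered architecture with information hiding (added example)."""
import sqlite3
from dataclasses import dataclass
from typing import Optional


# ---- Secure Business Logic component: domain object ----------------------
@dataclass
class Account:
    """Domain object. Business rules live here, not in the UX or DB layers."""
    id: str
    owner: str
    balance: int

    def withdraw(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.balance:
            raise ValueError("insufficient funds")
        self.balance -= amount


# ---- Secure Database Logic component: persistence object ------------------
class AccountRepository:
    """Hides the connection: nothing outside this class can reach it, and the
    only operations exposed use parameterised SQL (hiding principle)."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn  # private state; never returned to callers
        self._conn.execute(
            "CREATE TABLE IF NOT EXISTS accounts "
            "(id TEXT PRIMARY KEY, owner TEXT, balance INTEGER)"
        )

    def find(self, account_id: str) -> Optional[Account]:
        row = self._conn.execute(
            "SELECT id, owner, balance FROM accounts WHERE id = ?", (account_id,)
        ).fetchone()
        return Account(*row) if row else None

    def save(self, account: Account) -> None:
        self._conn.execute(
            "INSERT OR REPLACE INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
            (account.id, account.owner, account.balance),
        )


# ---- Secure User Experience Logic component: presentation logic -----------
class BalanceView:
    """Presentation logic object: turns domain state into what the user sees.
    It depends on nothing below it and never touches the repository."""

    def render_balance(self, account: Account) -> str:
        return f"{account.owner}: balance {account.balance}"

    def render_error(self, message: str) -> str:
        return f"error: {message}"


# ---- Secure Business Logic component: control object ----------------------
class WithdrawalController:
    """Control object: the only component that <<uses>> both the DB and UX
    logic, orchestrating them per the user's request (Figure 1 dependencies)."""

    def __init__(self, repo: AccountRepository, view: BalanceView) -> None:
        self._repo = repo
        self._view = view

    def withdraw(self, actor: str, account_id: str, amount: int) -> str:
        account = self._repo.find(account_id)
        # The authorisation check sits in the control object; an unknown
        # account and someone else's account get the same message, so the
        # response does not reveal which account ids exist.
        if account is None or account.owner != actor:
            return self._view.render_error("account not found")
        try:
            account.withdraw(amount)
        except ValueError as exc:
            return self._view.render_error(str(exc))
        self._repo.save(account)
        return self._view.render_balance(account)


def build_system() -> WithdrawalController:
    """Wire the components together; the sample account is constructed data."""
    repo = AccountRepository(sqlite3.connect(":memory:"))
    repo.save(Account("acc-1", "alice", 100))
    return WithdrawalController(repo, BalanceView())


if __name__ == "__main__":
    controller = build_system()
    print(controller.withdraw("alice", "acc-1", 30))    # alice: balance 70
    print(controller.withdraw("mallory", "acc-1", 30))  # error: account not found
```

The access constraints are what the hiding principle asks for: the view cannot reach the database because it is never handed the repository, and no caller can run its own SQL because the repository exposes only `find` and `save`. A change of storage engine is therefore confined to one class, which is the maintainability and modifiability benefit the text attributes to hiding.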
Uniformity
The uniformity principle espouses consistency among the different things in a system. It means the absence of inconsistencies and unnecessary differences, and it generally applies to notations.
It helps understandability.
Confirmability
Confirmability is a principle that directs attention to methods for finding out whether stated goals of the system have been achieved. It helps correctness.
Completeness
This principle ensures that all essentials of an abstraction, for example, are explicit and that nothing essential has been omitted. It helps correctness.
Reusability
The reusability principle addresses the issue of creating software components that are reusable.
It helps generality.
Humanization
The humanization principle addresses the issue of humanizing a system. Humanizing a system refers to the ideas of making the system easy to use, easy to understand, and easy to follow, etc.
It helps utility.
Self-adaptation
Self-adaptation addresses the issue of improving a system's self-* properties, such as self-adaptation, self-protection, and self-healing. The principle encourages the use of appropriate technology and mechanisms to design a system that adapts its behavior when its context changes. It helps adaptability and resilience.
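As an added example (not from the page) of the self-adaptation and resilience ideas above, the Python below wraps the Secure API Logic component's call to a third-party system in a circuit breaker, one common mechanism for a system that adapts its behavior when a dependency fails and heals itself afterwards. The breaker passes calls through while the partner is healthy, fails fast once a failure threshold is hit (protecting both the system and the struggling partner), and after a cooldown lets a single probe through to detect recovery. The partner API, the clock and the outage scenario are constructed stand-ins so the run is deterministic and offline.

```python
"""Self-adapting API Logic component: a circuit breaker (added example)."""
import time
from typing import Any, Callable, List, Tuple


class CircuitOpenError(RuntimeError):
    """Raised while the breaker is refusing calls to a failing dependency."""


class CircuitBreaker:
    """Adapts behaviour to dependency failures. States: CLOSED (pass calls
    through), OPEN (fail fast), HALF_OPEN (allow one probe call)."""

    def __init__(self, call: Callable[..., Any], failure_threshold: int = 3,
                 recovery_seconds: float = 30.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._call = call
        self._threshold = failure_threshold
        self._recovery = recovery_seconds
        self._clock = clock  # injectable so the behaviour is testable offline
        self.state = "CLOSED"
        self._failures = 0
        self._opened_at = 0.0

    def invoke(self, *args: Any) -> Any:
        if self.state == "OPEN":
            if self._clock() - self._opened_at < self._recovery:
                raise CircuitOpenError("dependency unavailable; failing fast")
            self.state = "HALF_OPEN"  # cooldown elapsed: probe once
        try:
            result = self._call(*args)
        except Exception:
            self._record_failure()
            raise
        self._failures = 0
        self.state = "CLOSED"  # dependency is healthy again (self-healing)
        return result

    def _record_failure(self) -> None:
        self._failures += 1
        # A failed probe reopens immediately; otherwise wait for the threshold.
        if self.state == "HALF_OPEN" or self._failures >= self._threshold:
            self.state = "OPEN"
            self._opened_at = self._clock()


# ---- Constructed stand-ins so the scenario runs deterministically ---------
class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class FlakyPartnerApi:
    """Stand-in for a third-party rate service that can be taken down."""

    def __init__(self) -> None:
        self.down = False
        self.calls = 0

    def get_rate(self, currency: str) -> float:
        self.calls += 1
        if self.down:
            raise ConnectionError("partner unreachable")
        return {"USD": 1.0, "EUR": 0.9}[currency]


def simulate() -> Tuple[List[Tuple[str, str, str]], int]:
    """Run an outage through the breaker; returns (trace, partner call count)."""
    clock, api = FakeClock(), FlakyPartnerApi()
    breaker = CircuitBreaker(api.get_rate, failure_threshold=2,
                             recovery_seconds=30.0, clock=clock)
    trace: List[Tuple[str, str, str]] = []

    def attempt(label: str) -> None:
        try:
            breaker.invoke("EUR")
            trace.append((label, breaker.state, "ok"))
        except Exception as exc:
            trace.append((label, breaker.state, type(exc).__name__))

    attempt("healthy")    # CLOSED, call succeeds
    api.down = True
    attempt("fail-1")     # CLOSED, one failure recorded
    attempt("fail-2")     # threshold hit -> OPEN
    attempt("fast-fail")  # OPEN: rejected without calling the partner
    clock.now += 31.0     # cooldown elapsed
    api.down = False
    attempt("probe")      # HALF_OPEN probe succeeds -> CLOSED
    return trace, api.calls


if __name__ == "__main__":
    for step in simulate()[0]:
        print(step)
```

Note that the partner is called four times in the scenario, not five: during the open state the breaker answers from its own state without touching the dependency, which is the adaptive behaviour that keeps a partner outage from turning into resource exhaustion in the calling system.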
There are several architectural design and programming patterns to incorporate these and other design principles. We discuss software architecture, design patterns, MVC pattern, and General Responsibility Assignment Patterns, etc. in subsequent pages.