CCMSec extension
An extension of the CORBA Component Model (CCM) with security concepts.
Specurity Aspects
Name
Description
An assembly describes the initial configuration of the application at runtime, it defines which component instance (InstanceDef) to use, how many to use, and how to connect them. Each component instance has ports defined by the corresponding component(-type) that contain the required security information (ConnectionEndDef).
Specification Elements
Name
Description
Contains the PermittedOperations that user with this role are allowed to execute.
An reference to an operation of the system.
References a component instance to define the initial configuration of the application at run-time to use and how many and how to interconnect them to each other via ConnectionEndDef.
Adds the required security information to the ports of a component.
Security Aspects
Access Control
An assembly describes the initial configuration of the application at runtime, it defines which component instance (InstanceDef) to use, how many to use, and how to connect them. Each component instance has ports defined by the corresponding component(-type) that contain the required security information (ConnectionEndDef).- Specification Elements:
- InstanceDef
- ConnectionEndDef
- PermittedOperation
- RoleDef
- Threats:
- Information Disclosure
- Tampering with Data
Specification Elements
RoleDef
Contains the PermittedOperations that user with this role are allowed to execute.PermittedOperation
An reference to an operation of the system.- Applies to:
- Activity
InstanceDef
References a component instance to define the initial configuration of the application at run-time to use and how many and how to interconnect them to each other via ConnectionEndDef.- Applies to:
- Component
ConnectionEndDef
Adds the required security information to the ports of a component.- Applies to:
- InformationFlow