Paper Info
Title
A framework for security assurance of access control enforcement code
Abstract
Modeling of access control policies, along with their implementation in code, must be an integral part of the software development process, to ensure that the proper level of security in an application is attained. Previous work of the authors in this area yielded a framework that incorporates access control at the design and code levels, through a set of new extensions to UML and a set of approaches to enfoce access control in an application (Pavlich-Mariscal et al., 2010). An essential property of the code that has not been addressed by that framework is security assurance, which, in the context of this research, is to insure that the application code behaves consistently with the access control policy. This paper proposes a security assurance mechanism that formalizes the application behavior using labeled transition systems and structural operational semantics (Plotkin, 1981). Simulation relations (Milner, 1971) are used to demonstrate the correctness of the access control code with respect to the design. To validate the approach, this paper proves correctness of two access control enforcement mechanisms that are part of our case study: a basic approach to implement access control in code and an aspect-oriented approach.
Year
DOI
Venue
2010
10.1016/j.cose.2010.03.004
Computers & Security
Keywords
Field
DocType
access control,security assurance,uml,formal methods,software development process,formal method,aspect oriented
Operational semantics,Computer science,Software security assurance,Computer security,Correctness,Role-based access control,Software development process,Access control,Formal methods,Code Access Security,Distributed computing
Journal
Volume
Issue
ISSN
29
7
Computers & Security
Citations 
PageRank 
References 
6
0.49
14
Authors
3
Name
Order
Citations
PageRank
Jaime A. Pavlich-Mariscal1438.72
Steven A. Demurjian2314136.36
Laurent D. Michel3648.53