Abstract | ||
---|---|---|
Modeling of access control policies, along with their implementation in code, must be an integral part of the software development process, to ensure that the proper level of security in an application is attained. Previous work of the authors in this area yielded a framework that incorporates access control at the design and code levels, through a set of new extensions to UML and a set of approaches to enfoce access control in an application (Pavlich-Mariscal et al., 2010). An essential property of the code that has not been addressed by that framework is security assurance, which, in the context of this research, is to insure that the application code behaves consistently with the access control policy. This paper proposes a security assurance mechanism that formalizes the application behavior using labeled transition systems and structural operational semantics (Plotkin, 1981). Simulation relations (Milner, 1971) are used to demonstrate the correctness of the access control code with respect to the design. To validate the approach, this paper proves correctness of two access control enforcement mechanisms that are part of our case study: a basic approach to implement access control in code and an aspect-oriented approach. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1016/j.cose.2010.03.004 | Computers & Security |
Keywords | Field | DocType |
access control,security assurance,uml,formal methods,software development process,formal method,aspect oriented | Operational semantics,Computer science,Software security assurance,Computer security,Correctness,Role-based access control,Software development process,Access control,Formal methods,Code Access Security,Distributed computing | Journal |
Volume | Issue | ISSN |
29 | 7 | Computers & Security |
Citations | PageRank | References |
6 | 0.49 | 14 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jaime A. Pavlich-Mariscal | 1 | 43 | 8.72 |
Steven A. Demurjian | 2 | 314 | 136.36 |
Laurent D. Michel | 3 | 64 | 8.53 |