A Framework of Composable Access Control Definition, Enforcement and Assurance

Author

Pavlich-Mariscal, Jaime A. ; Demurjian, Steven A. ; Michel, Laurent D.

Author_Institution

Dept. de Ing. de Sist. y Comput., Univ. Catolica del Norte, Antofagasta

fYear

2008

fDate

10-14 Nov. 2008

Firstpage

13

Lastpage

22

Abstract

This paper proposes an approach for secure software design and coding; and, it provides a formal underpinning for security assurance, i.e., a proof that the generated code correctly realizes security specifications. The base of the proposed approach is a set of security features by J. Pavlich-Mariscal et al (2007) that separate security concerns from the main design. To create specific access control models, designers can select the features they require, compose them, and represent them through security diagrams, i.e., extensions to UML to represent security concerns. These security specifications are then transitioned into aspect-oriented enforcement code. To provide security assurance, this paper formalizes the application behavior using labeled transition systems and structural operational semantics; and it uses simulation relations to demonstrate the correctness of the secure code.

Keywords

Unified Modeling Language; authorisation; formal specification; object-oriented methods; UML; aspect-oriented enforcement code; composable access control; labeled transition system; security assurance; security specification; structural operational semantics; Access control; Application software; Computer science; Programming profession; Security; Software design; Software engineering; Unified modeling language; Visualization; Access Control; Security Assurance; UML;

fLanguage

English

Publisher

ieee

Conference_Titel

Chilean Computer Science Society, 2008. SCCC '08. International Conference of the

Conference_Location

Punta Arenas

ISSN

1522-4902

Print_ISBN

978-0-7695-3403-9

Type

conf

DOI

10.1109/SCCC.2008.18

Filename

4685759