Options
Least privilege analysis in software architectures
Publikationstyp
Journal Article
Publikationsdatum
2011-11-09
Sprache
English
Enthalten in
Volume
12
Issue
2
Start Page
331
End Page
348
Citation
Software and Systems Modeling 12 (2): 331-348 (2013-05-01)
Publisher DOI
Scopus ID
Publisher
Springer
Due to the lack of both precise definitions and effective software engineering methodologies, security design principles are often neglected by software architects, resulting in potentially high-risk threats to systems. This work lays the formal foundations for understanding the security design principle of least privilege in software architectures and provides a technique to identify violations against this principle. The technique can also be leveraged to analyze violations against the security design principle of separation of duties. The proposed approach is supported by tools and has been validated in four case studies, two of which are presented in detail in this paper.
Schlagworte
Least privilege
Security analysis
Software architecture
DDC Class
004: Informatik