Options
Automated detection of least privilege violations in software architectures
Publikationstyp
Conference Paper
Publikationsdatum
2010-08
Sprache
English
First published in
Number in series
6285 LNCS
Start Page
150
End Page
165
Citation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 6285 LNCS: 150-165 (2010-11-05)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
Springer
Due to the lack of both precise definitions and effective software engineering methodologies, security principles are often neglected by software architects, resulting in potentially high-risk threats to the systems. This work lays the formal foundations for the understanding of the least privilege (LP) principle in software architectures and provides a technique to identify LP violations. The proposed approach is supported by tools and has been validated in four case studies, one of which is presented in detail in this paper.
Schlagworte
Architectural analysis
Least privilege
Security
DDC Class
004: Informatik