Least privilege analysis in software architectures

Buyens, Koen; Scandariato, Riccardo; Joosen, Wouter

Least privilege analysis in software architectures

Publikationstyp

Journal Article

Date Issued

2011-11-09

Sprache

English

Author(s)

Buyens, Koen

Scandariato, Riccardo

Joosen, Wouter

TORE-URI

http://hdl.handle.net/11420/14956

Journal

Software and systems modeling

Volume

12

Issue

2

Start Page

331

End Page

348

Citation

Software and Systems Modeling 12 (2): 331-348 (2013-05-01)

Publisher DOI

10.1007/s10270-011-0218-8

Scopus ID

2-s2.0-84878176784

Publisher

Springer

Due to the lack of both precise definitions and effective software engineering methodologies, security design principles are often neglected by software architects, resulting in potentially high-risk threats to systems. This work lays the formal foundations for understanding the security design principle of least privilege in software architectures and provides a technique to identify violations against this principle. The technique can also be leveraged to analyze violations against the security design principle of separation of duties. The proposed approach is supported by tools and has been validated in four case studies, two of which are presented in detail in this paper.

Subjects

Least privilege

Security analysis

Software architecture

DDC Class

004: Informatik

Options

Least privilege analysis in software architectures