Composition of least privilege analysis results in software architectures

Publikationstyp
Conference Paper
Date Issued
2011-05
Sprache
English
Author(s)
Buyens, Koen  
Scandariato, Riccardo  
Joosen, Wouter  
TORE-URI
http://hdl.handle.net/11420/14972
Start Page
29
End Page
35
Citation
Proceedings - International Conference on Software Engineering: 29-35 (2011-06-29)
Contribution to Conference
7th International Workshop on Software Engineering for Secure Systems, SESS 2011  
Publisher DOI
10.1145/1988630.1988637
Scopus ID
2-s2.0-79959564673
Publisher
ACM
Security principles are often neglected by software architects, due to the lack of precise definitions. This results in potentially high-risk threats to systems. Our own previous work tackled this by introducing formal foundations for the least privilege (LP) principle in software architectures and providing a technique to identify violations to this principle. This work shows that this technique can scale by composing the results obtained from the analysis of the sub-parts of a larger system. The technique decomposes the system into independently described subsystems and a description listing the interactions between these subsystems. These descriptions are thence analyzed to obtain LP violations and subsequently composed to obtain the violations of the overall system.
Subjects
Least privilege
Security analysis
Software architecture
DDC Class
004: Informatik