Buyens, KoenKoenBuyensScandariato, RiccardoRiccardoScandariatoJoosen, WouterWouterJoosen2023-03-102023-03-102011-05Proceedings - International Conference on Software Engineering: 29-35 (2011-06-29)http://hdl.handle.net/11420/14972Security principles are often neglected by software architects, due to the lack of precise definitions. This results in potentially high-risk threats to systems. Our own previous work tackled this by introducing formal foundations for the least privilege (LP) principle in software architectures and providing a technique to identify violations to this principle. This work shows that this technique can scale by composing the results obtained from the analysis of the sub-parts of a larger system. The technique decomposes the system into independently described subsystems and a description listing the interactions between these subsystems. These descriptions are thence analyzed to obtain LP violations and subsequently composed to obtain the violations of the overall system.enLeast privilegeSecurity analysisSoftware architectureInformatikConference Paper10.1145/1988630.1988637Other