TY - GEN
T1 - Achieving security assurance with assertion-based application construction
AU - Rubio-Medrano, Carlos E.
AU - Ahn, Gail-Joon
AU - Sohr, Karsten
N1 - Publisher Copyright: © 2014 ICST.
PY - 2015/1/19
Y1 - 2015/1/19
AB - Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.
UR - http://www.scopus.com/inward/record.url?scp=84923061990&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84923061990&partnerID=8YFLogxK
U2 - 10.4108/icst.collaboratecom.2014.257691
DO - 10.4108/icst.collaboratecom.2014.257691
M3 - Conference contribution
AN - SCOPUS:84923061990
T3 - CollaborateCom 2014 - Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing
SP - 503
EP - 510
BT - CollaborateCom 2014 - Proceedings of the 10th IEEE International Conference on Collaborative Computing
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th IEEE/EAI International Conference on Collaborative Computing, CollaborateCom 2014
Y2 - 22 October 2014 through 25 October 2014
ER -