Achieving security assurance with assertion-based application construction

Carlos E. Rubio-Medrano, Gail-Joon Ahn, Karsten Sohr

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements, since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

Original language: English (US)
Title of host publication: CollaborateCom 2014 - Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 503-510
Number of pages: 8
ISBN (Print): 9781631900433
DOI: https://doi.org/10.4108/icst.collaboratecom.2014.257691
State: Published - Jan 19 2015
Event: 10th IEEE/EAI International Conference on Collaborative Computing, CollaborateCom 2014 - Miami, United States
Duration: Oct 22 2014 → Oct 25 2014

Other

Other: 10th IEEE/EAI International Conference on Collaborative Computing, CollaborateCom 2014
Country: United States
City: Miami
Period: 10/22/14 → 10/25/14

Fingerprint

Application programming interfaces (API)
Application programs
Access control
Specifications
Defects
Costs

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Cite this

Rubio-Medrano, C. E., Ahn, G-J., & Sohr, K. (2015). Achieving security assurance with assertion-based application construction. In CollaborateCom 2014 - Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (pp. 503-510). [7014605] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.4108/icst.collaboratecom.2014.257691
