@inproceedings{c38d40fd7a034305bb1af8520bafbbb9,
title = "Verifying access control properties with design by contract: Framework and lessons learned",
abstract = "Ensuring the correctness of high-level security properties including access control policies in mission-critical applications is indispensable. Recent literature has shown how immaturity of such properties has caused serious security vulnerabilities, which are likely to be exploited by malicious parties for compromising a given application. This situation gets aggravated by the fact that modern applications are mostly built on previously developed reusable software modules and any failures in security properties in these reusable modules may lead to vulnerabilities across associated applications. In this paper, we propose a framework to address this issue by adopting Design by Contract (DBC) features. Our framework accommodates security properties in each application focusing on access control requirements. We demonstrate how access control requirements based on ANSI RBAC standard model can be specified and verified at the source code level.",
keywords = "Access control, Formal verification, Security",
author = "Rubio-Medrano, {Carlos E.} and Gail-Joon Ahn and Karsten Sohr",
year = "2013",
doi = "10.1109/COMPSAC.2013.7",
language = "English (US)",
isbn = "9780769549866",
series = "Proceedings - International Computer Software and Applications Conference",
publisher = "IEEE Computer Society",
pages = "21--26",
booktitle = "Proceedings - 2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013",
note = "2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013 ; Conference date: 22-07-2013 Through 26-07-2013",
}