Verifying access control properties with design by contract: Framework and lessons learned

Carlos E. Rubio-Medrano, Gail-Joon Ahn, Karsten Sohr

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Ensuring the correctness of high-level security properties including access control policies in mission-critical applications is indispensable. Recent literature has shown how immaturity of such properties has caused serious security vulnerabilities, which are likely to be exploited by malicious parties for compromising a given application. This situation gets aggravated by the fact that modern applications are mostly built on previously developed reusable software modules and any failures in security properties in these reusable modules may lead to vulnerabilities across associated applications. In this paper, we propose a framework to address this issue by adopting Design by Contract (DBC) features. Our framework accommodates security properties in each application focusing on access control requirements. We demonstrate how access control requirements based on ANSI RBAC standard model can be specified and verified at the source code level.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013
PublisherIEEE Computer Society
Pages21-26
Number of pages6
ISBN (Print)9780769549866
DOIs
StatePublished - Jan 1 2013
Event2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013 - Kyoto, Japan
Duration: Jul 22 2013Jul 26 2013

Publication series

NameProceedings - International Computer Software and Applications Conference
ISSN (Print)0730-3157

Conference

Conference2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013
CountryJapan
CityKyoto
Period7/22/137/26/13

Keywords

  • Access control
  • Formal verification
  • Security

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Verifying access control properties with design by contract: Framework and lessons learned'. Together they form a unique fingerprint.

  • Cite this

    Rubio-Medrano, C. E., Ahn, G-J., & Sohr, K. (2013). Verifying access control properties with design by contract: Framework and lessons learned. In Proceedings - 2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013 (pp. 21-26). [6649794] (Proceedings - International Computer Software and Applications Conference). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2013.7