Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.
Details
- Achieving Security Assurance With Assertion-Based Application Construction
- Rubio Medrano, Carlos (Author)
- Ahn, Gail-Joon (Author)
- Sohr, Karsten (Author)
- Ira A. Fulton Schools of Engineering (Contributor)
-
Digital object identifier: 10.4108/eai.21-12-2015.150819
-
Identifier TypeInternational standard serial numberIdentifier Value2312-8623
-
The final version of this article, as published in EAI Endorsed Transactions on Collaborative Computing, can be viewed online at: http://eudl.eu/doi/10.4108/eai.21-12-2015.150819
Citation and reuse
Cite this item
This is a suggested citation. Consult the appropriate style guide for specific citation guidelines.
Rubio-Medrano, C. E., Ahn, G., & Sohr, K. (2015). Achieving Security Assurance with Assertion-based Application Construction. EAI Endorsed Transactions on Collaborative Computing, 1(6), 150819. doi:10.4108/eai.21-12-2015.150819