Achieving Security Assurance with Assertion-based Application Construction
Journal Title: EAI Endorsed Transactions on Collaborative Computing - Year 2015, Vol 1, Issue 6
Abstract
Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.
Authors and Affiliations
Carlos E. Rubio-Medrano, Gail-Joon Ahn, Karsten Sohr
Keywords
Related Articles
- EP ID EP45707
- DOI http://dx.doi.org/10.4108/eai.21-12-2015.150819
- Views 309
- Downloads 0
Guest Editorial: Selected Papers from IEEE IEEE/EAI CollaborateCom 2013
This issue of EAI Transactions on Collaborative Computing includes extended versions of articles selected from the program of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications...
Harnessing Context for Vandalism Detection in Wikipedia
The importance of collaborative social media (CSM) applications such as Wikipedia to modern free societies can hardly be overemphasized. By allowing end users to freely create and edit content, Wikipedia has greatly faci...
Testing Software Using Swarm Intelligence: A Bee Colony Optimization Approach
Software testing is a critical activity in increasing our confidence of a system under test and improving its quality. The key idea for testing a software application is to minimize the number of faults found in the syst...
A Novel Stackelberg-Bertrand Game Model for Pricing Content Provider
With the popularity of smart devices such as smartphone, tablet, contents that traditionally be viewed on a personal computer, can also be viewed on these smart devices. The demand for contents thus is increasing year by...
Designing Behaviour in Bio-inspired Robots Using Associative Topologies of Spiking-Neural-Networks
This study explores the design and control of the behaviour of agents and robots using simple circuits of spiking neurons and Spike Timing Dependent Plasticity (STDP) as a mechanism of associative and unsupervised learni...