Abstract
Because precise definitions and effective software engineering methodologies are both lacking, security principles are often neglected by software architects, leaving the resulting systems exposed to potentially high-risk threats. This work lays the formal foundations for understanding the least privilege (LP) principle in software architectures and provides a technique for identifying LP violations. The proposed approach is supported by tools and has been validated in four case studies, one of which is presented in detail in this paper.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Scandariato, R., Buyens, K., Joosen, W. (2010). Automated Detection of Least Privilege Violations in Software Architectures. In: Babar, M.A., Gorton, I. (eds) Software Architecture. ECSA 2010. Lecture Notes in Computer Science, vol 6285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15114-9_13
DOI: https://doi.org/10.1007/978-3-642-15114-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15113-2
Online ISBN: 978-3-642-15114-9