A framework for security assurance of access control enforcement code

Modeling of access control policies, along with their implementation in code, must be an integral part of the software development process, to ensure that the proper level of security in an application is attained. Previous work of the authors in this area yielded a framework that incorporates access control at the design and code levels, through a set of new extensions to UML and a set of approaches to enfoce access control in an application (Pavlich-Mariscal et al., 2010). An essential property of the code that has not been addressed by that framework is security assurance, which, in the context of this research, is to insure that the application code behaves consistently with the access control policy. This paper proposes a security assurance mechanism that formalizes the application behavior using labeled transition systems and structural operational semantics (Plotkin, 1981). Simulation relations (Milner, 1971) are used to demonstrate the correctness of the access control code with respect to the design. To validate the approach, this paper proves correctness of two access control enforcement mechanisms that are part of our case study: a basic approach to implement access control in code and an aspect-oriented approach.