A framework of composable access control definition, enforcement and assurance

Jaime A. Pavlich-Mariscal; Steven A. Demurjian; Laurent D. Michel

doi:10.1109/SCCC.2008.18

A framework of composable access control definition, enforcement and assurance

Jaime A. Pavlich-Mariscal, Steven A. Demurjian, Laurent D. Michel

Producción: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

5 Citas (Scopus)

Resumen

This paper proposes an approach for secure software design and coding; and, it provides a formal underpinning for security assurance, i.e., a proof that the generated code correctly realizes security specifications. The base of the proposed approach is a set of security features [17] that separate security concerns from the main design. To create specific access control models, designers can select the features they require, compose them, and represent them through security diagrams [17], i.e., extensions to UML to represent security concerns. These security specifications are then transitioned into aspect-oriented enforcement code. To provide security assurance, this paper formalizes the application behavior using labeled transition systems and structural operational semantics; and it uses simulation relations to demonstrate the correctness of the secure code.

Idioma original	Inglés
Título de la publicación alojada	Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008
Páginas	13-22
Número de páginas	10
DOI	https://doi.org/10.1109/SCCC.2008.18
Estado	Publicada - 2008
Publicado de forma externa	Sí
Evento	27th International Conference of the Chilean Computer Science Society, SCCC 2008 - Punta Arenas, Chile Duración: 10 nov. 2008 → 14 nov. 2008

Serie de la publicación

Nombre	Proceedings - International Conference of the Chilean Computer Science Society, SCCC
ISSN (versión impresa)	1522-4902

Conferencia

Conferencia	27th International Conference of the Chilean Computer Science Society, SCCC 2008
País/Territorio	Chile
Ciudad	Punta Arenas
Período	10/11/08 → 14/11/08

Acceder al documento

10.1109/SCCC.2008.18

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Pavlich-Mariscal, J. A., Demurjian, S. A., & Michel, L. D. (2008). A framework of composable access control definition, enforcement and assurance. En Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008 (pp. 13-22). Artículo 4685759 (Proceedings - International Conference of the Chilean Computer Science Society, SCCC). https://doi.org/10.1109/SCCC.2008.18

@inproceedings{91f2fb4c8fff471c937c17cb11ccb3ec,

title = "A framework of composable access control definition, enforcement and assurance",

abstract = "This paper proposes an approach for secure software design and coding; and, it provides a formal underpinning for security assurance, i.e., a proof that the generated code correctly realizes security specifications. The base of the proposed approach is a set of security features [17] that separate security concerns from the main design. To create specific access control models, designers can select the features they require, compose them, and represent them through security diagrams [17], i.e., extensions to UML to represent security concerns. These security specifications are then transitioned into aspect-oriented enforcement code. To provide security assurance, this paper formalizes the application behavior using labeled transition systems and structural operational semantics; and it uses simulation relations to demonstrate the correctness of the secure code.",

author = "Pavlich-Mariscal, {Jaime A.} and Demurjian, {Steven A.} and Michel, {Laurent D.}",

year = "2008",

doi = "10.1109/SCCC.2008.18",

language = "English",

isbn = "9780769534039",

series = "Proceedings - International Conference of the Chilean Computer Science Society, SCCC",

pages = "13--22",

booktitle = "Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008",

note = "27th International Conference of the Chilean Computer Science Society, SCCC 2008 ; Conference date: 10-11-2008 Through 14-11-2008",

}

Pavlich-Mariscal, JA, Demurjian, SA & Michel, LD 2008, A framework of composable access control definition, enforcement and assurance. En Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008., 4685759, Proceedings - International Conference of the Chilean Computer Science Society, SCCC, pp. 13-22, 27th International Conference of the Chilean Computer Science Society, SCCC 2008, Punta Arenas, Chile, 10/11/08. https://doi.org/10.1109/SCCC.2008.18

A framework of composable access control definition, enforcement and assurance. / Pavlich-Mariscal, Jaime A.; Demurjian, Steven A.; Michel, Laurent D.
Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008. 2008. p. 13-22 4685759 (Proceedings - International Conference of the Chilean Computer Science Society, SCCC).

Producción: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - A framework of composable access control definition, enforcement and assurance

AU - Pavlich-Mariscal, Jaime A.

AU - Demurjian, Steven A.

AU - Michel, Laurent D.

PY - 2008

Y1 - 2008

N2 - This paper proposes an approach for secure software design and coding; and, it provides a formal underpinning for security assurance, i.e., a proof that the generated code correctly realizes security specifications. The base of the proposed approach is a set of security features [17] that separate security concerns from the main design. To create specific access control models, designers can select the features they require, compose them, and represent them through security diagrams [17], i.e., extensions to UML to represent security concerns. These security specifications are then transitioned into aspect-oriented enforcement code. To provide security assurance, this paper formalizes the application behavior using labeled transition systems and structural operational semantics; and it uses simulation relations to demonstrate the correctness of the secure code.

AB - This paper proposes an approach for secure software design and coding; and, it provides a formal underpinning for security assurance, i.e., a proof that the generated code correctly realizes security specifications. The base of the proposed approach is a set of security features [17] that separate security concerns from the main design. To create specific access control models, designers can select the features they require, compose them, and represent them through security diagrams [17], i.e., extensions to UML to represent security concerns. These security specifications are then transitioned into aspect-oriented enforcement code. To provide security assurance, this paper formalizes the application behavior using labeled transition systems and structural operational semantics; and it uses simulation relations to demonstrate the correctness of the secure code.

UR - http://www.scopus.com/inward/record.url?scp=58049165369&partnerID=8YFLogxK

U2 - 10.1109/SCCC.2008.18

DO - 10.1109/SCCC.2008.18

M3 - Conference contribution

AN - SCOPUS:58049165369

SN - 9780769534039

T3 - Proceedings - International Conference of the Chilean Computer Science Society, SCCC

SP - 13

EP - 22

BT - Proceedings - International Conference of the Chilean Computer Science Society, SCCC 2008

T2 - 27th International Conference of the Chilean Computer Science Society, SCCC 2008

Y2 - 10 November 2008 through 14 November 2008

ER -

A framework of composable access control definition, enforcement and assurance

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto