Due to the lack of both precise definitions and effective software engineering methodologies, security principles are often neglected by software architects, resulting in potentially high-risk threats to the systems. This work lays the formal foundations for the understanding of the least privilege (LP) principle in software architectures and provides a technique to identify LP violations. The proposed approach is supported by tools and has been validated in four case studies, one of which is presented in detail in this paper.