Automated detection of least privilege violations in software architectures

Authors:
Riccardo Scandariato;Koen Buyens;Wouter Joosen
Affiliations:
IBBT-DistriNet, Katholieke Universiteit Leuven, Leuven, Belgium;IBBT-DistriNet, Katholieke Universiteit Leuven, Leuven, Belgium;IBBT-DistriNet, Katholieke Universiteit Leuven, Leuven, Belgium
Venue:
ECSA'10 Proceedings of the 4th European conference on Software architecture
Year:
2010

Citing 14
Cited 1

Role-Based Access Control Models

Computer
Comparing simple role based access control models and access control lists

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
A connector-centric approach to architectural access control

A connector-centric approach to architectural access control
The Security Development Lifecycle

The Security Development Lifecycle
ArchStudio 4: An Architecture-Based Meta-Modeling Environment

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Improving host security with system call policies

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Process Activities Supporting Security Principles

COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Some thoughts on security after ten years of qmail 1.0

Proceedings of the 2007 ACM workshop on Computer security architecture
A Call to Action: Look Beyond the Horizon

IEEE Security and Privacy
Resolving least privilege violations in software architectures

IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Tool-supported development with Tropos: the conference management system case study

AOSE'07 Proceedings of the 8th international conference on Agent-oriented software engineering VIII
Secure Systems Development with UML

Secure Systems Development with UML

Composition of least privilege analysis results in software architectures (position paper)

Proceedings of the 7th International Workshop on Software Engineering for Secure Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to the lack of both precise definitions and effective software engineering methodologies, security principles are often neglected by software architects, resulting in potentially high-risk threats to the systems. This work lays the formal foundations for the understanding of the least privilege (LP) principle in software architectures and provides a technique to identify LP violations. The proposed approach is supported by tools and has been validated in four case studies, one of which is presented in detail in this paper.