Composition of least privilege analysis results in software architectures (position paper)

  • Authors: Koen Buyens, Riccardo Scandariato, Wouter Joosen
  • Affiliations: Katholieke Universiteit Leuven, Belgium (all three authors)
  • Venue: Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
  • Year: 2011

Abstract

Security principles are often neglected by software architects because they lack precise definitions, which leaves systems exposed to potentially high-risk threats. Our previous work addressed this by introducing formal foundations for the least privilege (LP) principle in software architectures and by providing a technique to identify violations of this principle. This work shows that the technique scales by composing the results obtained from analyzing the sub-parts of a larger system. The technique decomposes the system into independently described subsystems plus a description of the interactions between these subsystems. These descriptions are then analyzed to obtain the LP violations of each subsystem, and the per-subsystem results are subsequently composed to obtain the violations of the overall system.