A framework for security assurance of access control enforcement code

Modeling of access control policies, along with their implementation in code, must be an integral part of the software development process to ensure that an application attains the proper level of security. Previous work by the authors in this area yielded a framework that incorporates access control at the design and code levels, through a set of new extensions to UML and a set of approaches to enforce access control in an application (Pavlich-Mariscal et al., 2010). An essential property of the code that has not been addressed by that framework is security assurance, which, in the context of this research, means ensuring that the application code behaves consistently with the access control policy. This paper proposes a security assurance mechanism that formalizes the application behavior using labeled transition systems and structural operational semantics (Plotkin, 1981). Simulation relations (Milner, 1971) are used to demonstrate the correctness of the access control code with respect to the design. To validate the approach, this paper proves the correctness of two access control enforcement mechanisms that are part of our case study: a basic approach to implementing access control in code and an aspect-oriented approach.
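As an added illustration (not the paper's own formalization), the following Python sketch builds a design-level and a code-level labeled transition system for a constructed toy policy and computes the largest simulation relation between them, so that an enforcement routine that ignores the policy is rejected. The policy, the roles and operations, and the two enforcement functions are assumptions made for this example.

```python
"""Simulation check between design-level and code-level transition systems.
Added example, not the paper's code. The policy below is constructed."""
from itertools import product

# Constructed toy policy (design level): role -> operations it may perform
POLICY = {"clerk": {"read"}, "manager": {"read", "write"}}
OPS = ("read", "write")

def design_lts():
    """Design-level LTS: states are roles; a step labelled with the operation
    exists only when the policy permits it, otherwise a 'deny:<op>' step."""
    trans = set()
    for role, allowed in POLICY.items():
        for op in OPS:
            label = op if op in allowed else f"deny:{op}"
            trans.add((role, label, role))
    return set(POLICY), trans

def code_lts(enforce):
    """Code-level LTS derived from an enforcement function
    enforce(role, op) -> bool standing in for the application's check."""
    trans = set()
    for role in POLICY:
        for op in OPS:
            label = op if enforce(role, op) else f"deny:{op}"
            trans.add((role, label, role))
    return set(POLICY), trans

def simulates(design, impl):
    """Compute the largest simulation relation by iterative refinement:
    impl state s is simulated by design state t if every labelled step
    from s can be matched by an equally labelled step from t into related
    states. Returns True when each code state is simulated by the design
    state of the same name, i.e. the code never does what the design forbids."""
    d_states, d_trans = design
    i_states, i_trans = impl
    rel = set(product(i_states, d_states))
    changed = True
    while changed:
        changed = False
        for (s, t) in list(rel):
            for (src, lbl, dst) in i_trans:
                if src == s and not any(
                        ts == t and tl == lbl and (dst, td) in rel
                        for (ts, tl, td) in d_trans):
                    rel.discard((s, t))
                    changed = True
                    break
    return all((s, s) in rel for s in i_states)

def correct_check(role, op):
    return op in POLICY.get(role, set())   # consults the policy

def buggy_check(role, op):
    return True                            # forgets the policy entirely
```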

[1] Thuong Nguyen Doan. A framework for software security in UML with assurance. 2008.

[2] Mira Mezini et al. Aspects and class-based security: a survey of interactions between advice weaving and the Java 2 security model. VMIL '08, 2008.

[3] João P. Cachopo et al. Combining software transactional memory with a domain modeling language to simplify web application development. ICWE '06, 2006.

[4] Daniel S. Dantas. Analyzing security advice in functional aspect-oriented programming languages. 2007.

[5] Manfred Broy. Engineering Theories of Software Intensive Systems. 2005.

[6] Lufeng Zhang et al. Toward a Reusable and Generic Security Aspect Library. 2004.

[7] Indrakshi Ray et al. Verifiable composition of access control and application features. SACMAT '05, 2005.

[9] Gordon D. Plotkin et al. A structural approach to operational semantics. J. Log. Algebraic Methods Program., 2004.

[10] Gregor Kiczales et al. Aspect-oriented programming. CSUR, 1996.

[11] Guy L. Steele et al. The Java Language Specification. 1996.

[12] Duminda Wijesekera et al. Consistent and Complete Access Control Policies in Use Cases. UML, 2003.

[13] John Vlissides et al. Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. OOPSLA 2001, 2001.

[14] David A. Basin. Model driven security. First International Conference on Availability, Reliability and Security (ARES'06), 2006.

[15] Gregor Kiczales et al. Aspect-oriented programming. ESEC/FSE-9, 2001.

[16] Bart De Win et al. Engineering application-level security through aspect-oriented software development. 2004.

[17] Prabir Bhattacharya et al. lambda_SAOP: A Security AOP Calculus. Comput. J., 2009.

[18] Mourad Debbabi et al. A High-level Aspect-oriented-based Framework for Software Security Hardening. Inf. Secur. J. A Glob. Perspect., 2008.

[19] David A. Bell et al. Secure computer systems: mathematical foundations and model. 1973.

[20] Raju Pandey et al. Providing Fine-Grained Access Control for Mobile Programs Through Binary Editing. 1998.

[21] Premkumar T. Devanbu et al. Software engineering for security: a roadmap. ICSE '00, 2000.

[22] James Gosling et al. The Java Language Specification, 3rd Edition. 2005.

[23] Úlfar Erlingsson et al. SASI enforcement of security policies: a retrospective. Proceedings DARPA Information Survivability Conference and Exposition (DISCEX'00), 1999.

[24] Gary McGraw et al. From the Ground Up: The DIMACS Software Security Workshop. IEEE Secur. Priv., 2003.

[25] Benjamin C. Pierce et al. Types and programming languages: the next generation. 18th Annual IEEE Symposium on Logic in Computer Science, Proceedings, 2003.

[26] Steven A. Demurjian et al. A framework of composable access control features: Preserving separation of access control concerns from models to code. Comput. Secur., 2010.

[27] Robin Milner et al. An Algebraic Definition of Simulation Between Programs. IJCAI, 1971.

[28] Frank Hill et al. An aspect-oriented security framework. Proceedings DARPA Information Survivability Conference and Exposition, 2003.

[29] Mukund Raghavachari et al. Mapping UML designs to Java. OOPSLA '00, 2000.

[30] Úlfar Erlingsson et al. SASI enforcement of security policies: a retrospective. NSPW '99, 1999.

[31] Ramaswamy Chandramouli et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms. ACM Trans. Inf. Syst. Secur., 2001.

[32] Paulo Borba et al. A Framework for Establishing Formal Conformance between Object Models and Object-Oriented Programs. Electron. Notes Theor. Comput. Sci., 2008.

[33] Krzysztof Zielinski et al. Comparison Study of Aspect-oriented and Container Managed Security. 2003.

[34] John M. Boone et al. Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD. 1991.