cc 15(6): e3

Research Article

Achieving Security Assurance with Assertion-based Application Construction

Download1010 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.21-12-2015.150819,
    author={Carlos E. Rubio-Medrano and Gail-Joon Ahn and Karsten Sohr},
    title={Achieving Security Assurance with Assertion-based Application Construction},
    journal={EAI Endorsed Transactions on Collaborative Computing},
    volume={1},
    number={6},
    publisher={EAI},
    journal_a={CC},
    year={2015},
    month={12},
    keywords={security assurance, software specification, software assertions, role-based access control, API, SDK},
    doi={10.4108/eai.21-12-2015.150819}
}
  • Carlos E. Rubio-Medrano
    Gail-Joon Ahn
    Karsten Sohr
    Year: 2015
    Achieving Security Assurance with Assertion-based Application Construction
    CC
    EAI
    DOI: 10.4108/eai.21-12-2015.150819
Carlos E. Rubio-Medrano1,*, Gail-Joon Ahn1, Karsten Sohr2
  • 1: Arizona State University, 699 S. Mill Avenue, Tempe, Arizona, 85282, USA
  • 2: Universität Bremen, Am Fallturm 1, 28359 Bremen, Germany
*Contact email: gahn@asu.edu

Abstract

Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

Keywords
security assurance, software specification, software assertions, role-based access control, API, SDK
Received
2015-03-02
Accepted
2015-08-25
Published
2015-12-21
Publisher
EAI
http://dx.doi.org/10.4108/eai.21-12-2015.150819

Copyright © 2015 Carlos E. Rubio-Medrano et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.