Achieving Security Assurance with Assertion-based Application Construction

Journal Title: EAI Endorsed Transactions on Collaborative Computing - Year 2015, Vol 1, Issue 6

Abstract

Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

Authors and Affiliations

Carlos E. Rubio-Medrano, Gail-Joon Ahn, Karsten Sohr

Keywords

Related Articles

A Novel Stackelberg-Bertrand Game Model for Pricing Content Provider

With the popularity of smart devices such as smartphone, tablet, contents that traditionally be viewed on a personal computer, can also be viewed on these smart devices. The demand for contents thus is increasing year by...

Guest Editorial: Selected Papers from IEEE IEEE/EAI CollaborateCom 2013

This issue of EAI Transactions on Collaborative Computing includes extended versions of articles selected from the program of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications...

Evolving and Controlling Perimeter, Rendezvous, and Foraging Behaviors in a Computation-Free Robot Swarm

Designing and controlling the collective behavior of a swarm often requires complex range, bearing sensors, and peer-to-peer communication strategies. Recent work studying swarm of robots that have no computational power...

Welcome Message from the Editors-in-Chief

On behalf of the Editorial Board and the Advisory Board, we are pleased to welcome all to the inaugural issue of the EAI Endorsed Transactions on Collaborative Computing. This journal reflects the increasing maturity...

Merging By Decentralized Eventual Consistency Algorithms

Merging mechanism is an essential operation for version control systems. When each member of collaborative development works on an individual copy of the project, software merging allows to reconcile modifications made c...

Download PDF file
  • EP ID EP45707
  • DOI http://dx.doi.org/10.4108/eai.21-12-2015.150819
  • Views 307
  • Downloads 0

How To Cite

Carlos E. Rubio-Medrano, Gail-Joon Ahn, Karsten Sohr (2015). Achieving Security Assurance with Assertion-based Application Construction. EAI Endorsed Transactions on Collaborative Computing, 1(6), -. https://europub.co.uk/articles/-A-45707