An approach to analyze software security requirements in ABAC model

Security has been a crucial aspect of most applications especially, critical-safety softwares. In fact, losing or leaking of sensitive data can lead to huge losses for organizations so software developers must always find ways to ensure the security properties for their softwares. In practice, attribute-based access control (ABAC) has been an effective, flexible and popular method to mitigate the risks of unauthorized accesses to resources in large and complex systems. In this paper, we introduce an approach for checking ABAC rules from the source code of an application software against to its requirement specification. Our work includes of formal definitions about ABAC policy and access rules in softwares, a method to analyze access rules from the source code, and algorithms to analyze and validate access rules supporting for the verification process. The proposed approach can help programmers to detect the inconsistency between specification and implementation of a software system. We also illustrate our approach with an example in a medical information management system.