Authorization Enforcement Usability Case Study

被引:0
|
作者
Bartsch, Steffen [1 ]
机构
[1] Univ Bremen, Technol Zentrum Informat TZI, D-28359 Bremen, Germany
来源
ENGINEERING SECURE SOFTWARE AND SYSTEMS | 2011年 / 6542卷
关键词
ACCESS-CONTROL; SECURITY;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.
引用
收藏
页码:209 / 220
页数:12
相关论文
共 50 条
  • [1] Authorization Enforcement Detection
    Porat, Ehood
    Tikochinski, Shmuel
    Stulman, Ariel
    [J]. PROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17), 2017, : 179 - 182
  • [2] Authorization Constraints Specification and Enforcement
    Zhou, Wei
    Meinel, Christoph
    Xiang, Yidong
    Shao, Yang
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2008, 3 (01): : 38 - 50
  • [3] Authorization enforcement in distributed query evaluation
    di Vimercati, Sabrina
    Foresti, Sara
    Jajodia, Sushil
    Paraboschi, Stefano
    Samarati, Pierangela
    [J]. JOURNAL OF COMPUTER SECURITY, 2011, 19 (04) : 751 - 794
  • [4] Federated Authentication and Authorization: A Case Study
    Boehm, Oliver
    Caumanns, Joerg
    Franke, Markus
    Pfaff, Oliver
    [J]. EDOC 2008: 12TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING, PROCEEDINGS, 2008, : 356 - +
  • [5] Authorization Constraint Enforcement for Information System Security
    Hewett, Rattikorn
    Kijsanayothin, Phongphun
    [J]. 2008 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN AND CYBERNETICS (SMC), VOLS 1-6, 2008, : 3501 - 3506
  • [6] Retrofitting legacy code for authorization policy enforcement
    Ganapathy, Vinod
    Jaeger, Trent
    Jha, Somesh
    [J]. 2006 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2006, : 214 - +
  • [7] Usability testing: A case study
    Chisman, J
    Diller, K
    Walbridge, S
    [J]. COLLEGE & RESEARCH LIBRARIES, 1999, 60 (06): : 552 - 569
  • [8] Designing for usability: A case study
    Wesson, J
    deKock, G
    Warren, P
    [J]. HUMAN-COMPUTER INTERACTION - INTERACT '97, 1997, : 31 - 38
  • [9] iKnow Usability: A Case Study
    Guseva, Ana
    Gusev, Marjan
    Chorbev, Ivan
    [J]. 2016 24TH TELECOMMUNICATIONS FORUM (TELFOR), 2016, : 810 - 813
  • [10] Specification and Enforcement of Dynamic Authorization Policies oriented by Situations
    Kabbani, Bashar
    Laborde, Romain
    Barrere, Francois
    Benzekri, Abdelmalek
    [J]. 2014 6TH INTERNATIONAL CONFERENCE ON NEW TECHNOLOGIES, MOBILITY AND SECURITY (NTMS), 2014,
12345