Title of article
Security enforcement aware software development
Author/Authors
Veerle Vanoverberghe، نويسنده , , Dries and Piessens، نويسنده , , Frank، نويسنده ,
Issue Information
ماهنامه با شماره پیاپی سال 2009
Pages
14
From page
1172
To page
1185
Abstract
In the domain of security policy enforcement, the concerns of application developers are almost completely ignored. As a consequence, it is hard to develop useful and reliable applications that will function properly under a variety of policies. This paper addresses this issue for application security policies specified as security automata, and enforced through run-time monitoring. Our solution consists of three elements: the definition of an abstract interface to the policy that is being enforced, a sound construct to query that policy, and a static verification algorithm that guarantees absence of security policy violations in critical blocks of code.
Keywords
Security automata , Run-time enforcement , Static verification , Inline reference monitor
Journal title
Information and Software Technology
Serial Year
2009
Journal title
Information and Software Technology
Record number
2374512
Link To Document