Title :
Supporting Authorization Policy Modification in Agile Development of Web Applications
Author :
Bartsch, Steffen
Author_Institution :
TZI, Univ. Bremen, Bremen, Germany
Abstract :
Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy modifications, high numbers of options need to be considered. To ease the management task and integrate domain experts, we propose an algorithm and prototype tool. The AI-based change-support algorithm helps to find the suitable modification actions according to desired changes that are given in policy test cases. We also present a prototype GUI for domain experts to employ the algorithm and report on early results of non-security experts using the tool in a real-world business Web application.
Keywords :
Internet; authorisation; management of change; software prototyping; Al-based change support algorithm; GUI prototype; RBAC authorization policies; agile development process; authorization policy modification; domain experts; nonsecurity experts; real-world business-centric Web applications; role-based access control; Access control; Application software; Authorization; Availability; Conference management; Electronic mail; Permission; Prototypes; Security; Testing; Agile Development; Authorization Policy Development; Change-Impact Analysis; Policy Change Management;
Conference_Titel :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.19
