Supporting Authorization Policy Modification in Agile Development of Web Applications

Author

Bartsch, Steffen

Author_Institution

TZI, Univ. Bremen, Bremen, Germany

fYear

2010

fDate

15-18 Feb. 2010

Firstpage

495

Lastpage

500

Abstract

Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy modifications, high numbers of options need to be considered. To ease the management task and integrate domain experts, we propose an algorithm and prototype tool. The AI-based change-support algorithm helps to find the suitable modification actions according to desired changes that are given in policy test cases. We also present a prototype GUI for domain experts to employ the algorithm and report on early results of non-security experts using the tool in a real-world business Web application.

Keywords

Internet; authorisation; management of change; software prototyping; Al-based change support algorithm; GUI prototype; RBAC authorization policies; agile development process; authorization policy modification; domain experts; nonsecurity experts; real-world business-centric Web applications; role-based access control; Access control; Application software; Authorization; Availability; Conference management; Electronic mail; Permission; Prototypes; Security; Testing; Agile Development; Authorization Policy Development; Change-Impact Analysis; Policy Change Management;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability, and Security, 2010. ARES '10 International Conference on

Conference_Location

Krakow

Print_ISBN

978-1-4244-5879-0

Type

conf

DOI

10.1109/ARES.2010.19

Filename

5438050