Engineering Trust Management into Software Models

Author

Reith, Mark ; Niu, Jianwei ; Winsborough, William H.

Author_Institution

Univ. of Texas, San Antonio

fYear

2007

fDate

20-26 May 2007

Firstpage

9

Lastpage

9

Abstract

Security in software is often considered a nonfunctional requirement because it is often interpreted as an emergent feature of the system. Too often it is introduced as a last- minute requirement over an otherwise completed product rather than properly integrated during the early stages of software design and development. One significant aspect of security involves access control. This paper proposes a multi-layer model detailing the integration of trust management access control with an application´s model behavior. Our previous work focused on modeling the dynamic changes of a trust management policy for the purpose of verifying security properties using model checking. We are working toward integrating both the trust management policy and the mechanisms that enforce that policy for the purpose of verifying security properties. We focus on the Role-based Trust Management (RT) language and suggest concerns specific to it.

Keywords

authorisation; program verification; access control; model checking; nonfunctional requirement; role-based trust management language; software design; software development; software engineering; software model behavior; software security; Access control; Application software; Communication system security; Engineering management; Force measurement; Mechanical factors; Protection; Software design; Software systems; Transportation;

fLanguage

English

Publisher

ieee

Conference_Titel

Modeling in Software Engineering, 2007. MISE '07: ICSE Workshop 2007. International Workshop on

Conference_Location

Minneapolis, MN

Print_ISBN

0-7695-2953-4

Type

conf

DOI

10.1109/MISE.2007.5

Filename

4273249