Title :
Engineering Trust Management into Software Models
Author :
Reith, Mark ; Niu, Jianwei ; Winsborough, William H.
Author_Institution :
Univ. of Texas, San Antonio
Abstract :
Security in software is often considered a nonfunctional requirement because it is often interpreted as an emergent feature of the system. Too often it is introduced as a last- minute requirement over an otherwise completed product rather than properly integrated during the early stages of software design and development. One significant aspect of security involves access control. This paper proposes a multi-layer model detailing the integration of trust management access control with an application´s model behavior. Our previous work focused on modeling the dynamic changes of a trust management policy for the purpose of verifying security properties using model checking. We are working toward integrating both the trust management policy and the mechanisms that enforce that policy for the purpose of verifying security properties. We focus on the Role-based Trust Management (RT) language and suggest concerns specific to it.
Keywords :
authorisation; program verification; access control; model checking; nonfunctional requirement; role-based trust management language; software design; software development; software engineering; software model behavior; software security; Access control; Application software; Communication system security; Engineering management; Force measurement; Mechanical factors; Protection; Software design; Software systems; Transportation;
Conference_Titel :
Modeling in Software Engineering, 2007. MISE '07: ICSE Workshop 2007. International Workshop on
Conference_Location :
Minneapolis, MN
Print_ISBN :
0-7695-2953-4
DOI :
10.1109/MISE.2007.5
