TY  - INPR
ID  - SisLab3637
UR  - https://edas.info/listConferencesAuthor.php?c=26598
A1  - Luong, Thanh Nhan
A1  - Vo, Dinh Hieu
A1  - Truong, Ninh Thuan
Y1  - 2019/12/12/
N2  - Security has been a crucial aspect of most applications especially, critical-safety softwares. In fact, losing or leaking of sensitive data can lead to huge losses for organizations so software developers must always ?nd ways to ensure the security properties for their products. In practice, attribute-based access control (ABAC) has been an e?ective, ?exible and popular method to mitigate the risks of unauthorized accesses to resources in large and complex systems. Therefore, we introduce an approach for checking ABAC rules from source code of an application software against to its requirement speci?cation. Our work includes of a formal de?nition about ABAC policy, method to implement ABAC into application as well as analyze access rules from the source code, and a algorithm to check analyzed ABAC rules against to its speci?cation. The proposed approach can help programmers to detect the inconsistency between speci?cation and implementation. We also illustrate our approach with an example in a medical information management system.
TI  - An Approach to Analyze Software Security Requirements in ABAC Mode
AV  - none
T2  - The NAFOSTED Conference on Information and Computer Science (NICS)
ER  -