eprintid: 3637
rev_number: 6
eprint_status: archive
userid: 252
dir: disk0/00/00/36/37
datestamp: 2019-11-28 01:46:57
lastmod: 2019-11-28 01:46:57
status_changed: 2019-11-28 01:46:57
type: conference_item
metadata_visibility: show
creators_name: Luong, Thanh Nhan
creators_name: Vo, Dinh Hieu
creators_name: Truong, Ninh Thuan
creators_id: hieuvd@vnu.edu.vn
creators_id: thuantn@vnu.edu.vn
title: An Approach to Analyze Software Security Requirements in ABAC Mode
ispublished: inpress
subjects: IT
divisions: sae
abstract: Security has been a crucial aspect of most applications especially, critical-safety softwares. In fact, losing or leaking of sensitive data can lead to huge losses for organizations so software developers must always find ways to ensure the security properties for their products. In practice, attribute-based access control (ABAC) has been an effective, flexible and popular method to mitigate the risks of unauthorized accesses to resources in large and complex systems. Therefore, we introduce an approach for checking ABAC rules from source code of an application software against to its requirement specification. Our work includes of a formal definition about ABAC policy, method to implement ABAC into application as well as analyze access rules from the source code, and a algorithm to check analyzed ABAC rules against to its specification. The proposed approach can help programmers to detect the inconsistency between specification and implementation. We also illustrate our approach with an example in a medical information management system.
date: 2019-12-12
official_url: https://edas.info/listConferencesAuthor.php?c=26598
full_text_status: none
pres_type: paper
event_title: The NAFOSTED Conference on Information and Computer Science (NICS)
event_type: conference
refereed: TRUE
citation:   Luong, Thanh Nhan and Vo, Dinh Hieu and Truong, Ninh Thuan  (2019) An Approach to Analyze Software Security Requirements in ABAC Mode.  In: The NAFOSTED Conference on Information and Computer Science (NICS).    (In Press)