University of Minnesota
Software Engineering Center
/

You are here

Analyzing RBAC Security Policy of Implementation Using AST

Date of Publication: 
October 2009
Associated Research Groups: 
Publication Files: 
Abstract: 
Security policy is a critical property in software applications which require high levels of safety and security. It has to be clearly specified in requirement documents and its implementation must be conformed to the specification. In this paper, we propose an approach to check if the implementation is in accordance with its security policy specification. We use the Abstract Syntax Tree (AST), another manner of expressing the program, to analyze the source code and specify user permission policy in software systems by Role-Based Access Control (RBAC).
Venue: 
Proceedings of the 2009 International Conference on Knowledge and Systems Engineering (KSE '09)
bibtex: 
@inproceedings{Pham:2009:ARS:1681518.1683201, author = {Pham, Tuan-Hung and Truong, Ninh-Thuan and Nguyen, Viet-Ha}, title = {Analyzing RBAC Security Policy of Implementation Using AST}, booktitle = {Proceedings of the 2009 International Conference on Knowledge and Systems Engineering}, series = {KSE '09}, year = {2009}, isbn = {978-0-7695-3846-4}, pages = {215--219}, numpages = {5}, url = {http://dx.doi.org/10.1109/KSE.2009.23}, doi = {http://dx.doi.org/10.1109/KSE.2009.23}, acmid = {1683201}, publisher = {IEEE Computer Society}, address = {Washington, DC, USA}, keywords = {RBAC policy, conformance checking, AST}, }