Security enforcement aware software development
نویسندگان
چکیده
منابع مشابه
Security enforcement aware software development
In the domain of security policy enforcement, the concerns of application developers are almost completely ignored. As a consequence, it is hard to develop useful and reliable applications that will function properly under a variety of policies. This paper addresses this issue for application security policies specified as security automata, and enforced through run-time monitoring. Our solutio...
متن کاملCost-Aware Runtime Enforcement of Security Policies
In runtime enforcement of security policies, the classic requirements on monitors in order to enforce a security policy are soundness and transparency. However, there are many monitors that successfully pass this specification but they differ in complexity of both their implementation and the output they produce. In order to distinguish and compare these monitors we propose to associate cost wi...
متن کاملComposing Security-Aware Software
0 7 4 0 7 4 5 9 / 0 2 / $ 1 7 . 0 0 © 2 0 0 2 I E E E benefits of software reusability. While software components have become popular, security concerns are paramount. Their composition can be considered risky because of the “plug and play” with unknown third-party components. In dynamic runtime applications for critical systems such as e-commerce and ehealth, the risk could be much higher. Com...
متن کاملLightweight Enforcement of Fine-Grained Security Policies for Untrusted Software
This thesis presents an innovative approach to implementing a security enforcement mechanism in the contexts of untrusted software systems, where a piece of code in a base system may come from an untrusted third party. The key point of the approach is that it is lightweight in the sense that it does not need an additional policy language or extra tool. Instead, the approach uses the aspectorien...
متن کاملTrust-Based Security Policy Enforcement of Software Components
The software component technology facilitates the suitable and inexpensive creation of applications by composing independently developed components. This design method, however, causes new security risks. In particular, a malicious component is a threat to an incorporating application. To guard component-structured software against this threat, we use security wrappers monitoring the behavior o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Information and Software Technology
سال: 2009
ISSN: 0950-5849
DOI: 10.1016/j.infsof.2008.01.009