Authorization Enforcement Usability Case Study
نویسنده
چکیده
Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.
منابع مشابه
DSP Re-encryption Based Access Control Enforcement Management Mechanism in DaaS
With the popular use of service-oriented technologies, Database as a Service(DaaS) paradigm is becoming a more practical and useful model for those enterprises who can’t afford the expensive DBMS products. However, access control management by the database service provider(DSP ) in this paradigm is challenged because the DSP may be untrusted for the delegated data contents. So it is important t...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملEnforceable and Verifiable Stale-Safe Security Properties in Distributed Systems
Attribute staleness arises due to the physical distribution of authorization information, decision and enforcement points. This is a fundamental problem in virtually any secure distributed system in which the management and representation of authorization state are not globally synchronized. This problem is so intrinsic that it is inevitable an access decision will be made based on attribute va...
متن کاملSemantic Security: Specification and Enforcement of Semantic Policies for Security-driven Collaborations
Collaborative research can often have demands on finer-grained security that go beyond the authentication-only paradigm as typified by many e-Infrastructure/Grid based solutions. Supporting finer-grained access control is often essential for domains where the specification and subsequent enforcement of authorization policies is needed. The clinical domain is one area in particular where this is...
متن کاملA Toolkit for Managing Enterprise Privacy Policies
E. Snekkenes and D. Gollmann (Eds.): ESORICS 2003, LCNS 2808, pages 162 180, October 2003. c © Springer-Verlag Berlin Heidelberg 2003. Abstract. Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. An enterprise privacy policy often reflects different legal regulations, promises made to customers, as well as more ...
متن کامل