Security policy is a critical property in software applications which require high levels of safety and security. It has to be clearly specified in requirement documents and its implementation must be conformed to the specification. In this paper, we propose an approach to check if the implementation is in accordance with its security policy specification. We use the Abstract Syntax Tree (AST), another manner of expressing the program, to analyze the source code and specify user permission policy in software systems by Role-Based Access Control (RBAC). © 2009 IEEE.

Pham T.-H., Truong N.-T., Nguyen V.-H.

224.pdf    Gửi cho bạn bè

Từ khóa : Abstract Syntax Trees; Critical properties; Role-based Access Control; Security policy; Software applications; Software systems; Source codes; Computer software; Knowledge engineering; Security systems; Specifications; Systems engineering; Trees (mathematics); Access control