TU Darmstadt / ULB / TUbiblio

An Authorization Enforcement Usability Case Study

Bartsch, Steffen (2011)
An Authorization Enforcement Usability Case Study.
Madrid, Spain
doi: 10.1007/978-3-642-19125-1_16
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Autor(en): Bartsch, Steffen
Art des Eintrags: Bibliographie
Titel: An Authorization Enforcement Usability Case Study
Sprache: Englisch
Publikationsjahr: Februar 2011
Verlag: Springer
Buchtitel: ESSoS 2011
Veranstaltungsort: Madrid, Spain
DOI: 10.1007/978-3-642-19125-1_16
Kurzbeschreibung (Abstract):

Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.

Freie Schlagworte: Secure Data
ID-Nummer: Bartsch11
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen