
An Authorization Enforcement Usability Case Study

Bartsch, Steffen (2011):
An Authorization Enforcement Usability Case Study.
In: ESSoS 2011, Springer, Madrid, Spain, DOI: 10.1007/978-3-642-19125-1_16,
[Conference or Workshop Item]

Abstract

Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.
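The abstract contrasts enforcement statements scattered through the code with frameworks that keep the policy separate from the enforcement. The following is an added illustration of that loose coupling, not code from the paper or from its case study: the policy is a single table (`POLICY`), each protected operation carries one thin enforcement statement (`@enforce`), the decision is default-deny, and a registry (`PROTECTED`) makes operations that lack an enforcement statement discoverable, which is the defect the abstract says is otherwise hard to find. All names, the `Document`/`User` model and the sample data are constructed for this example.

```python
"""Added example: loosely coupled authorization enforcement with a separate policy.

Not the paper's framework. Roles, privileges and the document model are invented
here to show the pattern; only the structure (policy table, decision function,
per-operation enforcement statement, registry of protected operations) matters.
"""
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


@dataclass
class Document:
    doc_id: int
    owner: str
    confidential: bool = False


class Denied(PermissionError):
    """Raised by an enforcement statement when the policy does not permit the action."""


# Policy, kept apart from the business code. Maps (role, privilege) to a
# predicate over (user, object). Changing who may do what means editing this
# table, not hunting for role checks at every call site.
POLICY = {
    ("admin", "document:read"): lambda u, d: True,
    ("admin", "document:delete"): lambda u, d: True,
    ("editor", "document:read"): lambda u, d: (not d.confidential) or d.owner == u.name,
    ("editor", "document:delete"): lambda u, d: d.owner == u.name,
    ("viewer", "document:read"): lambda u, d: not d.confidential,
}


def permitted(user, privilege, obj):
    """Decision point. Default deny: True only if some role the user holds has a
    rule for this privilege and that rule holds for this object."""
    return any(
        rule(user, obj)
        for (role, priv), rule in POLICY.items()
        if priv == privilege and role in user.roles
    )


# Registry of operations that carry an enforcement statement, filled by the
# decorator. It lets a test or a review script list handlers that were never
# protected, instead of relying on someone noticing the missing check.
PROTECTED = {}


def enforce(privilege):
    """The enforcement statement: names the privilege, defers the decision to the policy."""
    def decorator(fn):
        PROTECTED[fn.__name__] = privilege

        @wraps(fn)
        def wrapper(user, doc, *args, **kwargs):
            if not permitted(user, privilege, doc):
                raise Denied(f"{user.name} may not {privilege} on document {doc.doc_id}")
            return fn(user, doc, *args, **kwargs)
        return wrapper
    return decorator


@enforce("document:read")
def read_document(user, doc):
    return f"contents of document {doc.doc_id}"


@enforce("document:delete")
def delete_document(user, doc):
    return f"deleted document {doc.doc_id}"


def export_document(user, doc):
    # Deliberately left without an enforcement statement so the registry check below
    # has something to find; this is the kind of defect the abstract describes.
    return f"export of document {doc.doc_id}"


def unprotected(handler_names):
    """Return the handlers among handler_names that carry no enforcement statement."""
    return sorted(name for name in handler_names if name not in PROTECTED)


# Constructed sample data.
ALICE = User("alice", frozenset({"editor"}))
BOB = User("bob", frozenset({"viewer"}))
ROOT = User("root", frozenset({"admin"}))
NOBODY = User("nobody", frozenset())
SECRET = Document(1, owner="alice", confidential=True)
PUBLIC = Document(2, owner="carol")

if __name__ == "__main__":
    print(read_document(ALICE, SECRET))
    print(delete_document(ROOT, SECRET))
    print("handlers without enforcement:", unprotected(
        ["read_document", "delete_document", "export_document"]))
```

The business functions never mention roles; they only state which privilege they require. Because `permitted` iterates the policy table and returns False when no rule matches, a user with no roles, or a privilege nobody has been granted, is denied without any code at the call site having to say so.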

Item Type: Conference or Workshop Item
Published: 2011
Creators: Bartsch, Steffen
Title: An Authorization Enforcement Usability Case Study
Language: English
Title of Book: ESSoS 2011
Publisher: Springer
Uncontrolled Keywords: Secure Data
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Event Location: Madrid, Spain
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1007/978-3-642-19125-1_16
Identification Number: Bartsch11