TU Darmstadt / ULB / TUbiblio

Supporting Authorization Policy Modification in Agile Development of Web Applications

Bartsch, Steffen (2010)
Supporting Authorization Policy Modification in Agile Development of Web Applications.
Krakow, Poland
doi: 10.1109/ARES.2010.19
Conference publication, Bibliography

Abstract

Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy modifications, high numbers of options need to be considered. To ease the management task and integrate domain experts, we propose an algorithm and prototype tool. The AI-based change-support algorithm helps to find the suitable modification actions according to desired changes that are given in policy test cases. We also present a prototype GUI for domain experts to employ the algorithm and report on early results of non-security experts using the tool in a real-world business Web application.

Item type: Conference publication
Published: 2010
Author(s): Bartsch, Steffen
Entry type: Bibliography
Title: Supporting Authorization Policy Modification in Agile Development of Web Applications
Language: English
Year of publication: February 2010
Publisher: IEEE Computer Society
Book title: SecSE: Fourth International Workshop on Secure Software Engineering
Event location: Krakow, Poland
DOI: 10.1109/ARES.2010.19
Uncontrolled keywords: Secure Data
ID number: Bartsch10
Division(s)/Department(s): 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE Centers > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE Centers
20 Department of Computer Science
LOEWE
Date deposited: 28 Jul 2016 18:35
Last modified: 17 May 2018 13:02