Supporting Authorization Policy Modification in Agile Development of Web Applications

Bartsch, Steffen (2010):
Supporting Authorization Policy Modification in Agile Development of Web Applications.
In: SecSE: Fourth International Workshop on Secure Software Engineering, IEEE Computer Society, Krakow, Poland, DOI: 10.1109/ARES.2010.19, [Conference or Workshop Item]

Abstract

Web applications are increasingly developed in Agile development processes. Business-centric Web applications need complex authorization policies to securely implement business processes. As part of the Agile process, integrating domain experts into the development of RBAC authorization policies improves the policies, but remains difficult. For policy modifications, high numbers of options need to be considered. To ease the management task and integrate domain experts, we propose an algorithm and prototype tool. The AI-based change-support algorithm helps to find the suitable modification actions according to desired changes that are given in policy test cases. We also present a prototype GUI for domain experts to employ the algorithm and report on early results of non-security experts using the tool in a real-world business Web application.

Item Type: Conference or Workshop Item
Published: 2010
Creators: Bartsch, Steffen
Title: Supporting Authorization Policy Modification in Agile Development of Web Applications
Language: English
Title of Book: SecSE: Fourth International Workshop on Secure Software Engineering
Publisher: IEEE Computer Society
Uncontrolled Keywords: Secure Data
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Event Location: Krakow, Poland
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1109/ARES.2010.19
Identification Number: Bartsch10