Bart De Win
Katholieke Universiteit Leuven
Publication
Featured research published by Bart De Win.
Information & Software Technology | 2009
Bart De Win; Riccardo Scandariato; Koen Buyens; Johan Grégoire; Wouter Joosen
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated processes have been proposed only recently. In this paper, three high-profile processes for the development of secure software, namely OWASP's CLASP, Microsoft's SDL and McGraw's Touchpoints, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.
Network Security | 2001
Bart De Win; Bart Vanhaute; Bart De Decker
Since many applications are too complex to be solved ad hoc, mechanisms are being developed to deal with different concerns separately. An interesting case of this separation is security. The implementation of security mechanisms often interacts or even interferes with the core functionality of the application. This results in tangled, unmanageable code with a higher risk of security bugs.
Computer and Communications Security | 2006
Riccardo Scandariato; Bart De Win; Wouter Joosen
Among the different quality attributes of software artifacts, security has lately gained a lot of interest. However, both qualitative and quantitative methodologies to assess security are still missing. This is possibly due to the lack of knowledge about which properties must be considered when it comes to evaluating security. The above-mentioned gap is even larger when one considers key software development phases such as architectural and detailed design. This position paper highlights the fundamental questions that need to be answered in order to bridge the gap and proposes an initial approach.
International Conference on Software Engineering | 2006
Bart De Win; Frank Piessens; Wouter Joosen
From a software engineering perspective, using Aspect-Oriented Programming (AOP) to build secure software has clear advantages. Until recently, the security perspective of this approach has been given less attention, however. This paper analyses the security risks in using AOP to develop secure software and discusses one particular solution to some of the identified risks, an aspect permission system. This permission system is one part of an overall AOP-based development platform for secure software.
Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems | 2009
Koen Buyens; Bart De Win; Wouter Joosen
Supporting a security principle, such as least privilege, in a software architecture is difficult. Systematic rules are lacking, and no guidance explains how to apply the principle in practice. As a result, security principles are often neglected. This lowers the overall security level of the software system, and the cost of fixing such problems later on in the development cycle is high. We propose an improvement in supporting least privilege in software architectures. We have identified architectural transformations that reduce violations of the principle of least privilege. These transformations have been implemented. We have applied the solution to a case study.
Information Security | 2000
Bart De Win; Jan Van den Bergh; Frank Matthijs; Bart De Decker; Wouter Joosen
On the Internet many electronic commerce applications can be used today, but most of them provide only weak security or even none whatsoever. A major cause of this problem is the variety of technologies used to create such applications. Most existing security architectures are not designed to work in different environments.
ACM Sigsoft Software Engineering Notes | 2005
Tine Verhanneman; Frank Piessens; Bart De Win; Wouter Joosen
One of the hurdles in the enforcement of access control remains the translation of the organization's high-level policy, which drives the access control decisions, down to technology-specific deployment descriptors, configuration files and code. This huge gap between the high-level policy and the access logic has as a consequence that it is hard to trace implementation fragments to the actual requirement they contribute to, and to support evolution. The notion of an access interface is introduced as a contract between the authorization engine and the various applications using its services. A so-called view connector makes sure that the application behaves consistently with this contract. The implementation is based on aspect orientation, rendering the whole design more robust in the light of unanticipated changes.
Distributed Applications and Interoperable Systems | 2003
Tine Verhanneman; Liesbeth Jaco; Bart De Win; Frank Piessens; Wouter Joosen
IT-enforced access control policies in medical information systems have to be fine-grained and dynamic. We justify this observation on the basis of legislation and on the basis of the evolution within the healthcare domain. Consequently, a reconfigurable or at least adaptable implementation of access control facilities has become extremely important. For this purpose, current technology provides insufficient support. We highlight a basic solution to address shortcomings by using interception techniques. In addition, we identify further research that is required to address the challenges of dynamic and fine-grained access control in the long run.
IEEE Distributed Systems Online | 2006
Tine Verhanneman; Frank Piessens; Bart De Win; Eddy Truyen; Wouter Joosen
Aspect-oriented software development techniques can help modularize the enforcement of application-specific access control policies. Middleware platforms must cater to a variety of applications. The access control services integrated in these platforms support only access control policies with limited expressiveness and typically enforce only an invocation access policy. Enforcing such a policy only takes into account information in the method invocation and fails to include application state or context in the access decision process.
Proceedings of the 1st Workshop on Aspect Oriented Middleware Development | 2005
Tine Verhanneman; Frank Piessens; Bart De Win; Eddy Truyen; Wouter Joosen
Ideally, the enforcement of application-specific policies in an access control service should be untangled from the application logic. The access control services that are provided in state-of-the-art application servers typically fail to support such a separation. Aspect-Oriented Software Development techniques can be used to alleviate such shortcomings. This paper describes the design and implementation of a modular access control service that improves the separation between application logic and access control. The prototype has been implemented in CaesarJ.