Skip to main content
SpringerLink
Log in

Least privilege analysis in software architectures

  • Special Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

Due to the lack of both precise definitions and effective software engineering methodologies, security design principles are often neglected by software architects, resulting in potentially high-risk threats to systems. This work lays the formal foundations for understanding the security design principle of least privilege in software architectures and provides a technique to identify violations against this principle. The technique can also be leveraged to analyze violations against the security design principle of separation of duties. The proposed approach is supported by tools and has been validated in four case studies, two of which are presented in detail in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Alexandrov, A.D., Ibel, M., Schauser, K.E., Scheiman, C.J.: Extending the operating system at the user level: the Ufo global file system. In: 1997 Annual Technical Conference on UNIX and Advanced Computing Systems (USENIX’97) (1997)

  2. Alexandrov, A., Kmiec, P., Schauser, K.: Consh: a confined execution environment for internet computations. In: USENIX Annual Technical Conference (1999)

  3. Acharya, A., Raje, M.: Mapbox: using parameterized behavior classes to confine applications. Technical report, Santa Barbara, CA, USA (1999)

  4. Barkley, J.: Comparing simple role based access control models and access control lists. In: ACM Workshop on Role Based Access Control (RBAC) (1997)

  5. Basin, D., Burri, S.J., Karjoth, G.: Dynamic enforcement of abstract separation of duty constraints. In: European Conference on Research in Computer Security (ESORICS) (2009)

  6. Berman, A., Bourassa, V., Selberg, E.: TRON: process-specific file protection for the UNIX operating system. In: Proceedings of the USENIX 1995 Technical Conference Proceedings on USENIX 1995 Technical Conference Proceedings, p. 14. USENIX Association (1995)

  7. Buyens, K., De Win, B., Joosen, W.: Resolving least privilege violations in software architectures. In: Workshop on Software Engineering for Secure Systems (SESS) (2009)

  8. Bernstein, D.J.: Some thoughts on security after ten years of qmail 1.0. In: CSAW ’07, pp. 1–10. ACM, New York (2007)

  9. Brumley, D., Song, D.: Privtrans: automatically partitioning programs for privilege separation. In: USENIX (2004)

  10. Buyens, K., Scandariato, R., Joosen, W.: Process activities supporting security principles. In: International Workshop on Security in Software Engineering (IWSSE) (2007)

  11. Buyens, K.: Security principle tool. http://people.cs.kuleuven.be/~koen.buyens/securityprinciples/ (2011)

  12. Chari S.N., Cheng P.-C.: Bluebox: a policy-driven, host-based intrusion detection system. ACM Trans. Inf. Syst. Secur. 6(2), 173–200 (2003)

    Article  Google Scholar 

  13. Crampton, J.: Specifying and enforcing constraints in role-based access control. In: ACM Symposium on Access Control Models and Technologies (SACMAT) (2003)

  14. Dashofy, E., Asuncion, H., Hendrickson, S., Suryanarayana, G., Georgas, J., Taylor, R.: Archstudio 4: an architecture-based meta-modeling environment. In: ICSE Companion (2007)

  15. Debie, E., De Ryck, P.: Non-repudiation middleware for web-based architectures. Master’s thesis, Katholieke Universiteit Leuven (2009)

  16. Evans, C.: Comments on the Overall Architecture of Vsftpd, from a Security Standpoint. Internet, February 2001

  17. Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: Proceedings of the Second ACM workshop on Role-based Access Control, pp. 121–125. ACM, New York (1997)

  18. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering meets trust management. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) Trust Management. Lecture Notes in Computer Science, vol. 2995, pp. 176–190. Springer, Berlin (2004)

  19. Höhn, S., Jürjens, J.: Rubacon: automated support for model-based compliance engineering. In: ICSE (2008)

  20. Howard, M., Lipner, S.: The Security Development Lifecycle. Microsoft Press (2006)

  21. Jürjens J.: Secure Systems Development with UML. Springer, Berlin (2005)

    MATH  Google Scholar 

  22. Jordan, D., Evdemon, J.: WS-BPEL 2.0. Oasis (2007)

  23. Jain, K., Sekar, R.: User-level infrastructure for system call interposition: a platform for intrusion detection and confinement. (2000)

  24. Karger, P.A.: Limiting the damage potential of discretionary Trojan horses. In: Proceedings of the 1987 Symposium on Security and Privacy, pp. 32–37 (1987)

  25. Li, N., Tripunitara, M.V., Bizri, Z.: On mutually exclusive roles and separation-of-duty. ACM Trans. Inf. Syst. Secur. (TISSEC) 10(2) (2007)

  26. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting

  27. Microsoft. Msdn library—access control lists. http://msdn.microsoft.com (2010)

  28. Mazieres, D., Kaashoek, M.F.: Secure applications need flexible operating systems. In: Workshop on Hot Topics in Operating Systems (1997)

  29. Morandini, M., Nguyen, D.C., Perini, A., Siena, A., Susi, A.: Tool-supported development with Tropos: the conference management system case study. In: Workshop on Agent Oriented Software Engineering (AOSE) (2008)

  30. Nash, M.J., Poland, K.R.: Transaction control expressions for separation of duties. In: Annual Computer Security Applications Conference (ACSAC) (1988)

  31. Nash, M.J., Poland, K.R.: Some conundrums concerning separation of duty. In: IEEE Symposium on Research in Security and Privacy (1990)

  32. Peterson G.: Service oriented security architecture. Inf. Secur. Bull. 10, 325–330 (2005)

    Google Scholar 

  33. Provos, N.: Systrace—interactive policy generation for system calls

  34. Provos, N.: Preventing privilege escalation. In: In Proceedings of the 12th USENIX Security Symposium (2003)

  35. Raza, A., Vogel, G., Plodereder, E.: Bauhaus—a tool suite for program analysis and reverse engineering. In: Ada Europe (2006)

  36. Ren, J.: A connector-centric approach to architectural access control. PhD thesis, University of California Irvine (2006)

  37. Robertson S., Robertson J.: Mastering the Requirements Process. Addison-Wesley, Boston (1999)

    Google Scholar 

  38. Rozanski N., Woods E.: Software Systems Architecture: Working with Stakeholders Using Viewpoints and Perspectives. Addison-Wesley Professional, Boston (2005)

    Google Scholar 

  39. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E.: The protection of information in computer systems. IEEE Comput. 29(2), 38–47 (1996)

    Article  Google Scholar 

  40. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  41. Schneider F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

    Article  Google Scholar 

  42. Spitz, B.: Architecture recovery for security. K.U. Leuven Master Thesis (2011)

  43. Saltzer J.H., Schroeder M.D.: The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  44. Van Landuyt, D., Grégoire, J., Michiels, S., Truyen, E., Joosen, W.: Architectural design of a digital publishing system. Technical Report CW465, Katholieke Universiteit Leuven (2006)

  45. Venema, W.Z.: Postfix home page

  46. Viega J., McGraw G.: Building Secure Software. Addison- Wesley, Boston (2002)

    Google Scholar 

  47. Wagner, D.A.: Janus: an approach for confinement of untrusted applications. Technical Report CSD-99-1056, 12 (1999)

  48. Walker, K.M., Sterne, D.F., Lee Badger, M., Petkac, M.J., Sherman, D.L., Oostendorp, K.A.: Confining root programs with domain and type enforcement (dte). In: SSYM’96: Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography, pp. 3–3, Berkeley, CA, USA, 1996. USENIX Association

  49. Yu, E.S.K.: Towards modeling and reasoning support for early-phase requirements engineering. In: Proceedings of RE, p. 226 (1997)

  50. Zdancewic S., Zheng L., Nystrom N., Myers A.C.: Secure program partitioning. ACM Trans. Comput. Syst. (TOCS) 20(3), 283–328 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IBBT-DistriNet, Katholieke Universiteit Leuven, 3001, Louvain, Belgium

    Koen Buyens, Riccardo Scandariato & Wouter Joosen

Authors
  1. Koen Buyens
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Riccardo Scandariato
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wouter Joosen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Koen Buyens.

Additional information

Communicated by Dr. Muhammad Ali Babar, Flavio Oquendo, and Ian Gorton.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Buyens, K., Scandariato, R. & Joosen, W. Least privilege analysis in software architectures. Softw Syst Model 12, 331–348 (2013). https://doi.org/10.1007/s10270-011-0218-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-011-0218-8

Keywords

Search

Navigation