Authorization Enforcement Usability Case Study

  • Steffen Bartsch
Conference paper

DOI: 10.1007/978-3-642-19125-1_16

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)
Cite this paper as:
Bartsch S. (2011) Authorization Enforcement Usability Case Study. In: Erlingsson Ú., Wieringa R., Zannone N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg

Abstract

Authorization is a key aspect in secure software development of multi-user applications. Authorization is often enforced in the program code with enforcement statements. Since authorization is present in numerous places, defects in the enforcement are difficult to discover. One approach to this challenge is to improve the developer usability with regard to authorization. We analyze how software development is affected by authorization in a real-world case study and particularly focus on the loose-coupling properties of authorization frameworks that separate authorization policy from enforcement. We show that authorization is a significant aspect in software development and that the effort can be reduced through appropriate authorization frameworks. Lastly, we formulate advice on the design of enforcement APIs.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Steffen Bartsch
    • 1
  1. 1.Technologie-Zentrum Informatik TZIUniversität BremenBremenGermany

Personalised recommendations