Fourth International Conference on Availability, Security and Reliability pages:232-239
Fourth International Conference on Availability, Security and Reliability edition:4 location:Fukuoka, Japan date:16-19 March 2009
The implementation of security principles, like least privilege, in a software architecture is difficult, as no systematic rules on how to apply them in practice exist. As a result, they are often neglected, which lowers the overall security level of the software system and increases the cost to ﬁx this later on.
This paper improves the support for least privilege in software architectures by (i) deﬁning the foundations to identify potential violations of the principle herein and (ii) elicitating architectural transformations that ameliorate the
security properties of the architecture. These results have been implemented and validated in three case studies.