In this paper we study security in component-based software applications by looking at information leakage from one component to another through operation calls. We model components and security speci¿cations about con¿dentiality as regular languages. Then we provide a systematic way to construct an access control mechanism that not only guarantees all speci¿cations to be obeyed, but also allows each user to attain maximum permissive behaviors.
|Title of host publication||Proceedings 10th IASTED International Conference on Software Engineering and Applications (SEA 2006, Dallas TX, USA, November 13-15, 2006)|
|Place of Publication||Anaheim|
|Publication status||Published - 2006|
|Name||IAESTED Conference Proceedings|