The Security policy of a software system is a set of actions that the system should or should not do in given conditions. These actions can be considered as critical properties in many applications which require high level of safety, such as the military, bank or stock software systems. Security policy must be specified clearly in software requirements and then be followed strictly and correctly in implementations. User permission policy is one of the most important aspects in software security policy. This paper proposes an approach for checking the conformance between user permissions of an implementation and their given specifications. In this approach, the source code of a program is represented at an abstraction level called Abstract Syntax Tree, which are then checked against specification of user permissions expressed using Role-Based Access Control (RBAC). A checking tool has been developed and verified using several common examples.

• 出版日期2013-10