Due to the lack of both precise definitions and effective software engineering methodologies, security design principles are often neglected by software architects, resulting in potentially high-risk threats to systems. This work lays the formal foundations for understanding the security design principle of least privilege in software architectures and provides a technique to identify violations against this principle. The technique can also be leveraged to analyze violations against the security design principle of separation of duties. The proposed approach is supported by tools and has been validated in four case studies, two of which are presented in detail in this paper.

• 出版日期2013-5