Maintaining Authorization Hook Placements Across Program Versions

2016 IEEE Cybersecurity Development (SecDev) (2016)

Abstract
In this paper, we explore how to maintain authorization hook placements across versions. We propose that an authorization hook placement process should produce a set of constraints on the policies that can be enforced by the program, called authorization constraints [4]. An authorization constraint relates a pair of security-sensitive operations to a constraint on the sets of subjects authorized to perform them both. We have identified authorization constraints for subsumption or equivalence. First, if a security-sensitive operation o1 is allowed for a set of subjects that is a subset of the subjects allowed for operation o2, then we say that o2 subsumes o1 with respect to the policy. Second, if the subjects that are allowed to perform o1 are the same as the subjects allowed for o2, then we say that the two operations are equivalent with respect to the policy.
Keywords
static analysis, security-sensitive operations, authorization constraints, program versions, authorization hook placements
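
The two constraint kinds defined in the abstract can be made concrete with a small checker. This is an added example, not code from the paper: the operation names, subjects, both policies, and the function names are constructed for illustration, and it assumes a policy is a map from each operation to its set of allowed subjects.

```python
from itertools import combinations

def derive_constraints(policy):
    """Classify every pair of operations by how their allowed-subject sets relate.

    Returns {(a, b): kind}. "equivalent" means both sets are equal;
    "subsumes" means a subsumes b, i.e. subjects(b) is a subset of subjects(a).
    Equal sets are reported as "equivalent" only (a choice made for this example).
    """
    constraints = {}
    for a, b in combinations(sorted(policy), 2):
        sa, sb = policy[a], policy[b]
        if sa == sb:
            constraints[(a, b)] = "equivalent"
        elif sb < sa:
            constraints[(a, b)] = "subsumes"
        elif sa < sb:
            constraints[(b, a)] = "subsumes"
        # Incomparable sets produce no constraint for the pair.
    return constraints

def violations(constraints, policy):
    """Return the constraints that a candidate policy does not satisfy."""
    bad = []
    for (a, b), kind in sorted(constraints.items()):
        sa, sb = policy.get(a, set()), policy.get(b, set())
        ok = (sa == sb) if kind == "equivalent" else (sb <= sa)
        if not ok:
            bad.append((a, b, kind))
    return bad

# Constructed sample data: the policy a placement was derived against ...
POLICY_V1 = {
    "read": {"admin", "user"},
    "stat": {"admin", "user"},
    "write": {"admin"},
}
# ... and a later policy that grants "stat" to one more subject.
POLICY_V2 = {
    "read": {"admin", "user"},
    "stat": {"admin", "user", "guest"},
    "write": {"admin"},
}

if __name__ == "__main__":
    recorded = derive_constraints(POLICY_V1)
    for a, b, kind in violations(recorded, POLICY_V2):
        print(f"constraint broken: {a} / {b} ({kind})")
```

A broken constraint flags a pair of operations whose authorization the later policy now treats differently, which is where a placement built on the recorded constraints needs review.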