Pham, Hung T.Truong, Ninh-ThuanNguyen, Viet-Ha2020-12-102020-12-102009Proceedings of the 2009 International Conference on Knowledge and Systems Engineering (KSE '09)https://hdl.handle.net/11299/217425Associated research group: Critical Systems Research GroupSecurity policy is a critical property in software applications which require high levels of safety and security. It has to be clearly specified in requirement documents and its implementation must be conformed to the specification. In this paper, we propose an approach to check if the implementation is in accordance with its security policy specification. We use the Abstract Syntax Tree (AST), another manner of expressing the program, to analyze the source code and specify user permission policy in software systems by Role-Based Access Control (RBAC).Analyzing RBAC Security Policy of Implementation Using ASTReport