Role-Based Access Control Models
Computer
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
ACM SIGOPS Operating Systems Review
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Formal validation of pattern matching code
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Availability Enforcement by Obligations and Aspects Identification
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Security policy enforcement by automated program-rewriting
Security policy enforcement by automated program-rewriting
Rewriting-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Canonical Abstract Syntax Trees
Electronic Notes in Theoretical Computer Science (ENTCS)
Tom: piggybacking rewriting on java
RTA'07 Proceedings of the 18th international conference on Term rewriting and applications
Term rewriting for access control
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
Analysis of Rewrite-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Termination of Priority Rewriting
LATA '09 Proceedings of the 3rd International Conference on Language and Automata Theory and Applications
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
You should better enforce than verify
RV'10 Proceedings of the First international conference on Runtime verification
Combining static analysis and runtime checking in security aspects for distributed tuple spaces
COORDINATION'11 Proceedings of the 13th international conference on Coordination models and languages
HiPoLDS: a security policy language for distributed systems
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Automated analysis of rule-based access control policies
PLPV '13 Proceedings of the 7th workshop on Programming languages meets program verification
HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems
Information Security Tech. Report
| Hi-index | 0.00 |
Access control is a central issue among the overall security goals of information systems. Despite the existence of a vast literature on the subject, it is still very hard to assure the compliance of a large system to a given dynamic access control policy. Based on our previous work on formal islands, we provide in this paper a systematic methodology to weave dynamic, formally specified policies on existing applications using aspect-oriented programming. To that end, access control policies are formalized using term rewriting systems, allowing us to have an agile, modular, and precise way to specify and to ensure their formal properties. These high-level descriptions are then weaved into the existing code, such that the resulting program implements a safe reference monitor for the specified policy. For developers, this provides a systematic process to enforce dynamic policies in a modular and flexible way. Since policies are independently specified and checked to be later weaved into various different applications, the level of reuse is improved. We implemented the approach on test cases with quite encouraging results.