A holistic approach for access control policies: from formal specification to aspect-based enforcement

Authors:
Slim Kallel;Anis Charfi;Mira Mezini;Mohamed Jmaiel;Andreas Sewe
Affiliations:
Software Technology Group, Darmstadt University of Technology, Hochschulstr. 10, 64289 Darmstadt, Germany.;Software Technology Group, Darmstadt University of Technology, Hochschulstr. 10, 64289 Darmstadt, Germany.;Software Technology Group, Darmstadt University of Technology, Hochschulstr. 10, 64289 Darmstadt, Germany.;ReDCAD Laboratory, National School of Engineers of Sfax, University of Sfax, B.P. 1173, 3038 Sfax, Tunisia.;Software Technology Group, Darmstadt University of Technology, Hochschulstr. 10, 64289 Darmstadt, Germany
Venue:
International Journal of Information and Computer Security
Year:
2009

Citing 14
Cited 0

Enforcing trace properties by program transformation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Detecting Conflicts in a Role-Based Delegation Model

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Specification and Classification of Role-based Authorization Policies

WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Implementing a modular access control service to support application-specific policies in CaesarJ

AOMD '05 Proceedings of the 1st workshop on Aspect oriented middleware development
Using Dynamic Aspects for Delegating Fine-Grained Access Rights

APSEC '05 Proceedings of the 12th Asia-Pacific Software Engineering Conference
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

IEEE Security and Privacy
Specifying and Monitoring Temporal Properties in Web Services Compositions

ECOWS '09 Proceedings of the 2009 Seventh IEEE European Conference on Web Services
Temporal Assertions using AspectJ

Electronic Notes in Theoretical Computer Science (ENTCS)
Combining formal methods and aspects for specifying and enforcing architectural invariants

COORDINATION'07 Proceedings of the 9th international conference on Coordination models and languages
Expressive pointcuts for increased modularity

ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Enforcing non-safety security policies with program monitors

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.