In this paper we present a novel approach to non-functional safety properties that combines formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification of such properties and their enforcement through runtime monitoring. We apply our approach to security policies, in particular Role-Based Access Control (RBAC) policies, including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain-specific predicates for expressing RBAC policies. For enforcement, we automatically generate modular enforcement code from the formal specification using the aspect-oriented language ALPHA.