Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
Role slices: a notation for RBAC permission assignment and enforcement
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
A formal enforcement framework for role-based access control using aspect-oriented programming
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
Hi-index | 0.00 |
The objective of this research is to develop techniques that integrate alternative security concerns (e.g., mandatory access control, delegation, authentication, etc.) into the software process. A framework is proposed to achieve composable security definition, assurance, and enforcement via a model-driven framework that preserves separation of security concerns from modeling through implementation, and provides mechanisms to compose these concerns into the application, while maintaining consistency between design models and code. At modeling-time, separation of concerns (e.g., RBAC, MAC, delegation, authorization, etc.) is emphasized by defining concern-specific modeling languages. At the implementation-level, aspect-oriented programming (AOP) transitions security concerns into modularized code that enforces each concern. This research assumes the use of an underlying object-oriented language with aspect-oriented extensions, and infrastructure to implement the applications and support secure access to the public methods of classes, e.g., Java with AspectJ or C++ with AspectC++.