A practical aspect framework for enforcing fine-grained access control in web applications

Authors:
Kung Chen;Chih-Mao Huang
Affiliations:
Department of Computer Science, National Chengchi University, Wenshan, Taipei, Taiwan;Department of Computer Science, National Chengchi University, Wenshan, Taipei, Taiwan
Venue:
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Year:
2005

Citing 9
Cited 1

Role-Based Access Control Models

Computer
Role templates for content-based access control

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Flexible team-based access control using contexts

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Getting started with ASPECTJ

Communications of the ACM
Security Through Aspect-Oriented Programming

Proceedings of the IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security
Using Aspects to Design a Secure System

ICECCS '02 Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems
A Framework for Multiple Authorization Types in a Healthcare Application System

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Instance-level access control for business-to-business electronic commerce

IBM Systems Journal
A generic framework for context-based distributed authorizations

CONTEXT'03 Proceedings of the 4th international and interdisciplinary conference on Modeling and using context

An aspect-oriented approach to declarative access control for web applications

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This paper addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner.