A user-role based data security approach
on Database Security: Status and Prospects
Role-Based Access Control Models
Computer
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Towards a definitive paradigm for security in object-oriented systems and applications
Journal of Computer Security - Special issue on database security
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Security Through Aspect-Oriented Programming
Proceedings of the IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security
MAC and UML for secure software design
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
A semantics for advice and dynamic join points in aspect-oriented programming
SAIG'01 Proceedings of the 2nd international conference on Semantics, applications, and implementation of program generation
Role slices: a notation for RBAC permission assignment and enforcement
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Rewriting-Based Access Control Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach
Models in Software Engineering
A transformation contract to generate aspects from access control policies
Software and Systems Modeling (SoSyM)
A framework for composable security definition, assurance, and enforcement
MoDELS'05 Proceedings of the 2005 international conference on Satellite Events at the MoDELS
| Hi-index | 0.00 |
Many of today's software applications require a high-level of security, defined by a detailed policy and attained via mechanisms such as role-based access control (RBAC), mandatory access control, digital signatures, etc. The integration of the design/implementation processes of access-control policies with runtime enforcement mechanisms is crucial to achieve an acceptable level of security for a software application. Our prior research focused on formalizing the concept of a role slice, which is a unified modeling language (UML) artifact that captures RBAC security requirements by defining permissions in the form of allowable or prohibited methods, and by specifying roles as specialized class diagrams that contain those methods. This paper augments this effort by introducing a formal framework for the security of software applications that supports the automatic translation of a role-slice access-control policy (RBAC requirements) into aspect-oriented programming (AOP) enforcement code that is seamlessly integrated with the application. The formal framework provides the necessary underpinnings to automate the integration of security policies into software. A prototyping effort based on Borland's UML tool Together Control Center for defining role-slice diagrams and the associated AOP code generator is under development.