Security and authorization play a very important role in the development, deployment and functioning of software systems. Because Java is the most popular platform for component-based software and systems, Java security plays a key role in enterprise systems. The major drawback in the security support provided by J2EE and J2SE is the absence of a standard way to support instance-level access control. JAAS does provide some help, but it is not without its share of problems. XACML, the newest standard related to security, provides a standard, simple way to represent security policies. In this paper, we propose a unique way to extend JAAS technology so that it can support class-instance-level access control in a declarative manner. We then showcase how this extension can be molded into the XACML architecture, thereby providing an end-to-end, standards-based access control specification and implementation for J2SE and J2EE applications. The major advantage of our technique is that, being declarative, it does not require any change to the security code when either the security policies are changed or the security infrastructure is deployed in a new environment.