Skip to main content
SpringerLink
Log in

An Extensible and Decoupled Architectural Model for Authorization Frameworks

  • Conference paper
Computational Science and Its Applications – ICCSA 2013 (ICCSA 2013)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7974))

Included in the following conference series:

Abstract

Existing access control frameworks fall short on offering comprehensive and general solutions in application development, often limited to role-based access control policies. This leads developers to craft solutions when it is necessary to implement complex access control policies, causing tangling of business and authorization concerns. In this context, framework extensibility and technology independence are also important to enable its adaptation to a wide range of applications. In order to widen the scope of authorization solutions, this research proposes an architectural model for frameworks, extensible to various access control models. The Esfinge Guardian framework, an implementation of the architectural model, is presented, with usage scenarios and a brief tutorial. Finally, a comparative analysis is presented between Esfinge Guardian and the main authorization framework providers, showing that the Esfinge Guardian is indeed more extensible and decoupled than the compared solutions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A Logical Framework for Reasoning about Access Control Models. ACM Transactions on Information and System Security 6(1), 71–127 (2003)

    Article  Google Scholar 

  2. Privilege Management Conference Collaboration Team: A report on the privilege (access) management workshop (NIST-IR-7657), Washington, DC (2010)

    Google Scholar 

  3. Hu, V.C., Ferraiolo, D.F., Kuhn, D.R.: Assessment of Access Control (NIST-IR-7316), Gaithersburg, MD (2006)

    Google Scholar 

  4. Hu, V.C., Scarfone, K.: Guidelines for Access Control System Evaluation Metrics NIST-IR-7874, Gaithersburg, MD (2012)

    Google Scholar 

  5. Guerra, E.M.: A Conceptual Model for Metadata-based Frameworks, São José dos Campos (2010)

    Google Scholar 

  6. Fayad, M., Schmidt, D.C., Johnson, R.E.: Building application frameworks: object-oriented foundations of framework design. In: Building Application Frameworks: Object-oriented Foundations of Framework Design, pp. 55–83. Wiley, New York (1999)

    Google Scholar 

  7. Ferraiolo, D., Kuhn, R., Chandramoulli, R.: Role-based access control. Artech House (2007)

    Google Scholar 

  8. Ferraiolo, D., Kuhn, R.: Role-based Access Controls. In: Proceedings of 15th NIST-NCSC National Computer Security Conference, Baltimore, MD, pp. 554–563 (1992)

    Google Scholar 

  9. Elliott, A.A., Knight, G.S.: Role Explosion: Acknowledging the Problem. In: Proceedings of the 2010 International Conference on Software Engineering Research & Practice (2010)

    Google Scholar 

  10. Sandhu, R., Ferraiolo, D.F., Kuhn, D.R.: The NIST Model for Role-Based Access Control: Toward a Unified Standard. In: 5th ACM Workshop Role-Based Access Control, pp. 47–63 (2000)

    Google Scholar 

  11. Probst, S., Kung, J.: The need for declarative security mechanisms. In: Proceedings of 30th Euromicro Conference, pp. 526–531 (2004)

    Google Scholar 

  12. Merz, M.: Enabling declarative security through the use of Java Data Objects. Journal of Science of Computer Programming 70(2-3), 208–220 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  13. Bartsch, S.: Authorization Enforcement Usability Case Study. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 209–220. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Hai-bo, S., Fan, H.: An Attribute-Based Access Control Model for Web Services. In: PDCAT 2006. Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 74–79 (2006)

    Google Scholar 

  15. Peng, J., Yang, F.: Description Logic Modeling of Temporal Attribute-Based Access Control. In: ICCE 2006, First International Conference on Communications and Electronics, pp. 414–418 (2006)

    Google Scholar 

  16. Hsieh, G., Foster, K., Emamali, G., Patrick, G., Marvel, L.: Using XACML for Embedded and Fine-Grained Access Control Policy. In: ARES 2009 International Conference, pp. 462–468 (2009)

    Google Scholar 

  17. XACML: eXtensible Access Control Markup Language (XACML), Version 3.0, Committee Specification 01 (2011), http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf

  18. Bo, L., Nan, Z., Kun, G., Kai, C.: An XACML Policy Generating Method Based on Policy View. In: ICPCA 2008: Third International Conference on Pervasive Computing and Applications, vol. 1, pp. 295–301 (2008)

    Google Scholar 

  19. CGLIB: Code Generation Library (2013), http://cglib.sourceforge.net

  20. Java EE: Java Enterprise Edition Tutorial 6 (2013), http://docs.oracle.com/javaee/6/tutorial/doc/bnbyl.html

  21. Spring Framework: Spring Source Community (2013), http://www.springsource.org/

  22. Perillo, J., Guerra, E., Silva, J., Silveira, F., Fernandes, C.: Metadata Modularization Using Domain Annotations. In: Workshop on Assessment of Contemporary Modularization Techniques, Orlando, vol. 3 (2009)

    Google Scholar 

  23. Perillo, J., Guerra, E., Fernandes, C.: Daileon-A Tool for Enabling Domain Annotations. In: RAM-SE 2009: Proceedings of the Workshop on AOP and Meta-Data for Software Evolution, vol. 7 (2009)

    Google Scholar 

  24. Sun’s XACML: Sun’s XACML Implementation (2013), http://sunxacml.sourceforge.net/

  25. Trusted Computer System Evaluation Criteria (Orange Book), Department of Defense (1985), http://csrc.nist.gov/publications/history/dod85.pdf

  26. Sayaf, R., Clarke, D.: Access Control Models for Online Social Networks. In: Social Network Engineering for Secure Web Data and Services (2012)

    Google Scholar 

  27. Sayaf, R.: Access control for online social networks - research summary. In: For Your Eyes Only Conference, Brussels (2012)

    Google Scholar 

  28. Ribeiro, M., Dosea, M., Bonifácio, R., Neto, A.C., Borba, P., Soares, S.: Analyzing Class and Crosscutting Modularity Structure Matrixes. In: Proceedings of the 21th Brazilian Symposium on Software Engineering, SBES (2007)

    Google Scholar 

  29. Neto, A.C., Ribeiro, M., Dósea, M., Bonifácio, R., Borba, P., Soares, S.: Semantic Dependencies and Modularity of Aspect-Oriented Software. In: Workshop on Assessment of Contemporary Modularization Techniques (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Division, Aeronautical Institute of Technology – ITA, Praça Mal. Eduardo Gomes 50, CEP 12228-900, São José dos Campos, SP, Brazil

    Jefferson O. Silva & Clovis T. Fernandes

  2. Computer Science Division, Pontifical Catholic University of São Paulo – PUCSP, Rua Marquês de Paranaguá 111, CEP 01303-050, São Paulo, SP, Brazil

    Jefferson O. Silva

  3. Laboratory of Computing and Applied Mathematics (LAC), National Institute for Space Research (INPE), P. O. Box 515, 12227-010, São José dos Campos, SP, Brazil

    Eduardo M. Guerra

Authors
  1. Jefferson O. Silva
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eduardo M. Guerra
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Clovis T. Fernandes
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. L-I.S.U.T. - D.A.P.I.t. Facoltà Ingegneria, Università degli Studi della Basilicata, Viale dell’Ateneo Lucano, 10, 85100, Potenza, Italy

    Beniamino Murgante

  2. Canaanland OTA, Covenant University, Nigeria

    Sanjay Misra

  3. Partimento di Scienze e Tecnologie per LAgricoltura, le Foreste, la Natura e lEnergia, Università degli Studi della Tuscia, Via S. Camillo de Lellis, snc, 01100, Viterbo, Italy

    Maurizio Carlini

  4. Dipartimento di Scienze dell’Ingegneria Civile e dell’Architecttura, Politecnico di Bari, Via Orabona, 4, 70125, Bari, Italy

    Carmelo M. Torre

  5. Quarter 6, Linh Trung, Thu Duc, International University VNU-HCM, Ho Chi Minh City, Vietnam

    Hong-Quang Nguyen

  6. School of Business Systems, Monash University, 3800, Clayton, VIC, Australia

    David Taniar

  7. Department of Intelligent Informatics, Kyushu Sangyo University, 2-3-1 Matsukadai, 813-8503, Higashi-ku, Fukuoka, Japan

    Bernady O. Apduhan

  8. Department of Mathematics and Computer Science, University of Perugia, Via Vanvitelli, 1, 06123, Perugia, Italy

    Osvaldo Gervasi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Silva, J.O., Guerra, E.M., Fernandes, C.T. (2013). An Extensible and Decoupled Architectural Model for Authorization Frameworks. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2013. ICCSA 2013. Lecture Notes in Computer Science, vol 7974. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39649-6_44

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-39649-6_44

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39648-9

  • Online ISBN: 978-3-642-39649-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation