Abstract
Existing access control frameworks fall short of offering comprehensive, general solutions for application development, and are often limited to role-based access control policies. When a more complex access control policy is required, developers end up crafting ad hoc solutions, which tangles business and authorization concerns. In this context, framework extensibility and technology independence are also important, since they enable adaptation to a wide range of applications. To widen the scope of authorization solutions, this research proposes an architectural model for authorization frameworks that is extensible to various access control models. The Esfinge Guardian framework, an implementation of the architectural model, is presented together with usage scenarios and a brief tutorial. Finally, a comparative analysis of Esfinge Guardian against the main authorization framework providers shows that Esfinge Guardian is indeed more extensible and decoupled than the compared solutions.
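The two properties the abstract argues for, extensibility to several access control models and decoupling of authorization from business code, can be illustrated with a small sketch. The following is an added example written for this page, in Python rather than the Java that Esfinge Guardian targets; it is not the framework's API, and the names `Guardian`, `AccessControlModel`, `RoleBased`, `AttributeBased`, `protect` and the sample policy rules are all assumptions made here. Business methods declare their policy as metadata (a decorator), every model plugs in behind one `decide` interface, and the decision point fails closed when metadata is missing or names a model that was never registered.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from functools import wraps
from typing import Any, Callable, Protocol


@dataclass(frozen=True)
class Subject:
    """The caller: roles feed the RBAC model, free-form attributes feed the ABAC model."""
    name: str
    roles: frozenset[str] = frozenset()
    attributes: dict[str, Any] = field(default_factory=dict)


@dataclass(frozen=True)
class Request:
    subject: Subject
    action: str
    resource: dict[str, Any]  # attributes of the target, e.g. {"department": "finance", "amount": 500}


class AccessControlModel(Protocol):
    """The extension point: any access control model plugs in through this one method."""
    def decide(self, request: Request, policy: dict[str, Any]) -> bool: ...


class RoleBased:
    """RBAC: grant when the subject holds at least one of the roles named in the policy."""
    def decide(self, request: Request, policy: dict[str, Any]) -> bool:
        return bool(set(policy.get("roles", ())) & request.subject.roles)


class AttributeBased:
    """ABAC: grant only when every rule (a predicate over subject and resource attributes) holds."""
    def decide(self, request: Request, policy: dict[str, Any]) -> bool:
        return all(rule(request.subject.attributes, request.resource) for rule in policy.get("rules", ()))


class AccessDenied(PermissionError):
    pass


class Guardian:
    """Authorization entry point (hypothetical, not Esfinge Guardian's). Models are registered by
    name; a protected method's metadata names the models it relies on plus a per-model policy.
    Combination is deny-overrides and fails closed: empty metadata or an unregistered model denies."""

    def __init__(self) -> None:
        self._models: dict[str, AccessControlModel] = {}

    def register(self, name: str, model: AccessControlModel) -> None:
        self._models[name] = model

    def authorize(self, request: Request, metadata: dict[str, dict[str, Any]]) -> bool:
        if not metadata:
            return False
        for model_name, policy in metadata.items():
            model = self._models.get(model_name)
            if model is None or not model.decide(request, policy):
                return False
        return True

    def protect(self, **metadata: dict[str, Any]) -> Callable:
        """Decorator: the business method declares its policy as metadata and holds no authorization code."""
        def decorator(fn: Callable) -> Callable:
            @wraps(fn)
            def wrapper(subject: Subject, resource: dict[str, Any], *args: Any, **kwargs: Any) -> Any:
                request = Request(subject=subject, action=fn.__name__, resource=resource)
                if not self.authorize(request, metadata):
                    raise AccessDenied(f"{subject.name} may not {fn.__name__}")
                return fn(subject, resource, *args, **kwargs)
            return wrapper
        return decorator


# Wiring: which models the application uses is configuration, not business code.
guardian = Guardian()
guardian.register("rbac", RoleBased())
guardian.register("abac", AttributeBased())


# Constructed ABAC rules for the example.
def same_department(subject_attrs: dict[str, Any], resource: dict[str, Any]) -> bool:
    return subject_attrs.get("department") == resource.get("department")


def within_approval_limit(subject_attrs: dict[str, Any], resource: dict[str, Any]) -> bool:
    return resource.get("amount", 0) <= subject_attrs.get("approval_limit", 0)


# Business code: pure domain logic; the policy lives entirely in the metadata.
@guardian.protect(rbac={"roles": ["manager"]}, abac={"rules": [same_department, within_approval_limit]})
def approve_expense(subject: Subject, resource: dict[str, Any]) -> str:
    return f"{resource['amount']} approved for {resource['department']} by {subject.name}"


def can_approve(subject: Subject, resource: dict[str, Any]) -> bool:
    """Boolean view of the decision for callers that do not want the exception."""
    try:
        approve_expense(subject, resource)
        return True
    except AccessDenied:
        return False
```

Adding a third model (for instance an XACML-backed policy decision point) means registering one more `decide` implementation and naming it in the metadata; `approve_expense` itself does not change. The fail-closed branches in `authorize` are the check a practitioner should look for in any such framework: a method whose metadata references a model that was never configured must deny, not silently skip that model.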
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Silva, J.O., Guerra, E.M., Fernandes, C.T. (2013). An Extensible and Decoupled Architectural Model for Authorization Frameworks. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2013. ICCSA 2013. Lecture Notes in Computer Science, vol 7974. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39649-6_44
DOI: https://doi.org/10.1007/978-3-642-39649-6_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39648-9
Online ISBN: 978-3-642-39649-6