ABSTRACT
In previous work we successfully modularized the Java access control architecture. The approach consists in expressing access control using restriction aspects scoped with an appropriate scoping strategy. In this work we briefly explore how restriction aspects and scoping strategies make it possible to express novel and useful access control policies in a direct manner.
- C. Fournet and A. D. Gordon. Stack inspection: theory and variants. ACM Transactions on Programming Languages and Systems (TOPLAS), 25(3):360 -- 399, 2003. Google ScholarDigital Library
- N. Hardy. The confused deputy. SIGOPS Operating Systems Review, 22(4):36--38, 1988. Google ScholarDigital Library
- M. S. Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, John Hopkins University, Baltimore, Maryland, USA, May 2006. Google ScholarDigital Library
- J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems, 1975.Google Scholar
- P. Samarati and S. D. C. di Vimercati. Access control: Policies, models, and mechanisms. In Foundations of Security Analysis and Design, volume 2171 of Lecture Notes in Computer Science, pages 137--196. Springer Berlin / Heidelberg, London, UK, 2001. Google ScholarDigital Library
- É. Tanter. Expressive scoping of dynamically-deployed aspects. In Proceedings of the 7th ACM International Conference on Aspect-Oriented Software Development (AOSD 2008), pages 168--179, Brussels, Belgium, Apr. 2008. ACM Press. Google ScholarDigital Library
- R. Toledo, A. Núnez, É. Tanter, and J. Noyé. Aspectizing Java Access Control. IEEE Transactions on Software Engineering, 2011. In Press. Google ScholarDigital Library
- D. Wallach and E. Felten. Understanding Java stack inspection. In Proceedings of the IEEE Symposium on Security and Privacy, pages 52--63, 1998.Google ScholarCross Ref
Index Terms
- Exploiting modular access control for advanced policies
Recommendations
Secure and modular access control with aspects
AOSD '13: Proceedings of the 12th annual international conference on Aspect-oriented software developmentCan access control be fully modularized as an aspect? Most proposals for aspect-oriented access control are limited to factoring out access control checks, still relying on a non-modular and ad hoc infrastructure for permission checking. Recently, we ...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Aspectizing Java Access Control
It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: It is difficult to be confident about the security of an application when ...
Comments