TY - GEN
T1 - A formal enforcement framework for role-based access control using aspect-oriented programming
AU - Pavlich-Mariscal, Jaime
AU - Michel, Laurent
AU - Demurjian, Steven
PY - 2005
Y1 - 2005
N2 - Many of today's software applications require a high-level of security, defined by a detailed policy and attained via mechanisms such as role-based access control (RBAC), mandatory access control, digital signatures, etc. The integration of the design/implementation processes of access-control policies with runtime enforcement mechanisms is crucial to achieve an acceptable level of security for a software application. Our prior research focused on formalizing the concept of a role slice, which is a unified modeling language (UML) artifact that captures RBAC security requirements by defining permissions in the form of allowable or prohibited methods, and by specifying roles as specialized class diagrams that contain those methods. This paper augments this effort by introducing a formal framework for the security of software applications that supports the automatic translation of a role-slice access-control policy (RBAC requirements) into aspect-oriented programming (AOP) enforcement code that is seamlessly integrated with the application. The formal framework provides the necessary underpinnings to automate the integration of security policies into software. A prototyping effort based on Borland's UML tool Together Control Center for defining role-slice diagrams and the associated AOP code generator is under development.
AB - Many of today's software applications require a high-level of security, defined by a detailed policy and attained via mechanisms such as role-based access control (RBAC), mandatory access control, digital signatures, etc. The integration of the design/implementation processes of access-control policies with runtime enforcement mechanisms is crucial to achieve an acceptable level of security for a software application. Our prior research focused on formalizing the concept of a role slice, which is a unified modeling language (UML) artifact that captures RBAC security requirements by defining permissions in the form of allowable or prohibited methods, and by specifying roles as specialized class diagrams that contain those methods. This paper augments this effort by introducing a formal framework for the security of software applications that supports the automatic translation of a role-slice access-control policy (RBAC requirements) into aspect-oriented programming (AOP) enforcement code that is seamlessly integrated with the application. The formal framework provides the necessary underpinnings to automate the integration of security policies into software. A prototyping effort based on Borland's UML tool Together Control Center for defining role-slice diagrams and the associated AOP code generator is under development.
UR - http://www.scopus.com/inward/record.url?scp=33646186281&partnerID=8YFLogxK
U2 - 10.1007/11557432_41
DO - 10.1007/11557432_41
M3 - Conference contribution
AN - SCOPUS:33646186281
SN - 3540290109
SN - 9783540290100
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 537
EP - 552
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
T2 - 8th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2005
Y2 - 2 October 2005 through 7 October 2005
ER -