TU Darmstadt / ULB / TUbiblio

Aspect-based Enforcement of Formal Delegation Policies

Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed :
Aspect-based Enforcement of Formal Delegation Policies.
In: Third International Conference on Risks and Security of Internet and Systems (CRiSIS '08), 28.-30. Okt. 2008, Tozeur, Tunisia. IEEE
[Konferenz- oder Workshop-Beitrag], (2008)

Kurzbeschreibung (Abstract)

Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2008
Autor(en): Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed
Titel: Aspect-based Enforcement of Formal Delegation Policies
Sprache: Englisch
Kurzbeschreibung (Abstract):

Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.

Verlag: IEEE
Fachbereich(e)/-gebiet(e): Fachbereich Informatik > Softwaretechnik
Fachbereich Informatik
Veranstaltungstitel: Third International Conference on Risks and Security of Internet and Systems (CRiSIS '08)
Veranstaltungsort: Tozeur, Tunisia
Veranstaltungsdatum: 28.-30. Okt. 2008
Hinterlegungsdatum: 14 Sep 2009 07:15
ID-Nummer: 10.1109/CRISIS.2008.4757459
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen