TU Darmstadt / ULB / TUbiblio

From Formal Access Control Policies to Runtime Enforcement Aspects

Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Klose, Karl :
From Formal Access Control Policies to Runtime Enforcement Aspects.
[Online-Edition: http://www.springerlink.com/content/c0477883j1j39082/]
In: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems. Lecture Notes In Computer Science, 5429. Berlin/Heidelberg, Germany Leuven, Belgium , pp. 16-31.
[Buchkapitel], (2009)

Offizielle URL: http://www.springerlink.com/content/c0477883j1j39082/

Kurzbeschreibung (Abstract)

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Typ des Eintrags: Buchkapitel
Erschienen: 2009
Autor(en): Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Klose, Karl
Titel: From Formal Access Control Policies to Runtime Enforcement Aspects
Sprache: Englisch
Kurzbeschreibung (Abstract):

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Buchtitel: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Reihe: Lecture Notes In Computer Science
Band: 5429
Ort: Berlin/Heidelberg, Germany
Fachbereich(e)/-gebiet(e): Fachbereich Informatik > Softwaretechnik
Fachbereich Informatik
Veranstaltungstitel: 1st International Symposium on Engineering Secure Software and Systems (ESSoS '09)
Veranstaltungsort: Leuven, Belgium
Hinterlegungsdatum: 14 Sep 2009 07:16
Offizielle URL: http://www.springerlink.com/content/c0477883j1j39082/
ID-Nummer: 10.1007/978-3-642-00199-4_2
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen