TU Darmstadt / ULB / TUbiblio

From Formal Access Control Policies to Runtime Enforcement Aspects

Kallel, Slim and Charfi, Anis and Mezini, Mira and Jmaiel, Mohamed and Klose, Karl (2009):
From Formal Access Control Policies to Runtime Enforcement Aspects.
In: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems, Berlin/Heidelberg, Germany, pp. 16-31, [Online-Edition: http://www.springerlink.com/content/c0477883j1j39082/],
[Book Section]

Abstract

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Item Type: Book Section
Erschienen: 2009
Creators: Kallel, Slim and Charfi, Anis and Mezini, Mira and Jmaiel, Mohamed and Klose, Karl
Title: From Formal Access Control Policies to Runtime Enforcement Aspects
Language: English
Abstract:

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Title of Book: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Series Name: Lecture Notes In Computer Science
Volume: 5429
Place of Publication: Berlin/Heidelberg, Germany
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Software Technology
Event Title: 1st International Symposium on Engineering Secure Software and Systems (ESSoS '09)
Event Location: Leuven, Belgium
Date Deposited: 14 Sep 2009 07:16
Official URL: http://www.springerlink.com/content/c0477883j1j39082/
Identification Number: doi:10.1007/978-3-642-00199-4_2
Export:

Optionen (nur für Redakteure)

View Item View Item