TU Darmstadt / ULB / TUbiblio

A holistic approach for access control policies: from formal specification to aspect-based enforcement

Kallel, Slim and Charfi, Anis and Mezini, Mira and Jmaiel, Mohamed and Sewe, Andreas (2009):
A holistic approach for access control policies: from formal specification to aspect-based enforcement.
In: International Journal of Information and Computer Security, 3 (3/4), pp. 337-354. Inderscience Publishers, ISSN 1744-1765,
[Article]

Abstract

We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.

Item Type: Article
Erschienen: 2009
Creators: Kallel, Slim and Charfi, Anis and Mezini, Mira and Jmaiel, Mohamed and Sewe, Andreas
Title: A holistic approach for access control policies: from formal specification to aspect-based enforcement
Language: English
Abstract:

We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.

Journal or Publication Title: International Journal of Information and Computer Security
Journal volume: 3
Number: 3/4
Publisher: Inderscience Publishers
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Software Technology
Date Deposited: 03 Feb 2010 13:05
Official URL: http://dx.doi.org/10.1504/IJICS.2009.031044
Identification Number: doi:10.1504/IJICS.2009.031044
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details