TU Darmstadt / ULB / TUbiblio

A holistic approach for access control policies: from formal specification to aspect-based enforcement

Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Sewe, Andreas :
A holistic approach for access control policies: from formal specification to aspect-based enforcement.
[Online-Edition: http://dx.doi.org/10.1504/IJICS.2009.031044]
In: International Journal of Information and Computer Security, 3 (3/4) pp. 337-354. ISSN 1744-1765
[Artikel], (2009)

Offizielle URL: http://dx.doi.org/10.1504/IJICS.2009.031044

Kurzbeschreibung (Abstract)

We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.

Typ des Eintrags: Artikel
Erschienen: 2009
Autor(en): Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Sewe, Andreas
Titel: A holistic approach for access control policies: from formal specification to aspect-based enforcement
Sprache: Englisch
Kurzbeschreibung (Abstract):

We present in this paper a novel approach to non-functional safety properties, combining formal methods and Aspect-Oriented Programming (AOP). The approach supports both the formal specification and the enforcement of such properties through runtime monitoring. We apply our approach for security policies and especially Role-Based Access Control (RBAC) policies including application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC policies. For the enforcement, we generate automatically modular enforcement code out of the formal specification using the aspect-oriented language ALPHA.

Titel der Zeitschrift, Zeitung oder Schriftenreihe: International Journal of Information and Computer Security
Band: 3
(Heft-)Nummer: 3/4
Verlag: Inderscience Publishers
Fachbereich(e)/-gebiet(e): Fachbereich Informatik
Fachbereich Informatik > Softwaretechnik
Hinterlegungsdatum: 03 Feb 2010 13:05
Offizielle URL: http://dx.doi.org/10.1504/IJICS.2009.031044
ID-Nummer: 10.1504/IJICS.2009.031044
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen