TU Darmstadt / ULB / TUbiblio

From Formal Access Control Policies to Runtime Enforcement Aspects

Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Klose, Karl (2009)
From Formal Access Control Policies to Runtime Enforcement Aspects.
In: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
doi: 10.1007/978-3-642-00199-4_2
Book Section, Bibliographie

Abstract

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Item Type: Book Section
Erschienen: 2009
Creators: Kallel, Slim ; Charfi, Anis ; Mezini, Mira ; Jmaiel, Mohamed ; Klose, Karl
Type of entry: Bibliographie
Title: From Formal Access Control Policies to Runtime Enforcement Aspects
Language: English
Date: 2009
Place of Publication: Berlin/Heidelberg, Germany
Book Title: Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Series: Lecture Notes In Computer Science
Series Volume: 5429
Event Title: 1st International Symposium on Engineering Secure Software and Systems (ESSoS '09)
Event Location: Leuven, Belgium
DOI: 10.1007/978-3-642-00199-4_2
Abstract:

We present an approach that addresses both formal specification and verification as well as runtime enforcement of RBAC access control policies including application specific constraints such as separation of duties (SoD). We introduce Temporal Z, a formal language based on Z and temporal logic, which provides domain specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal Z specifications hence avoiding the possibility of errors and inconsistencies that may be introduced when enforcement code is written manually. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.

Divisions: 20 Department of Computer Science
20 Department of Computer Science > Software Technology
Date Deposited: 14 Sep 2009 07:16
Last Modified: 03 Jun 2018 21:23
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details