Sciweavers

UML
2005
Springer

A Formal Enforcement Framework for Role-Based Access Control Using Aspect-Oriented Programming

14 years 6 months ago
A Formal Enforcement Framework for Role-Based Access Control Using Aspect-Oriented Programming
Many of today’s software applications require a high-level of security, defined by a detailed policy and attained via mechanisms such as role-based access control (RBAC), mandatory access control, digital signatures, etc. The integration of the design/implementation processes of access-control policies with runtime enforcement mechanisms is crucial to achieve an acceptable level of security for a software application. Our prior research focused on formalizing the concept of a role slice, which is a unified modeling language (UML) artifact that captures RBAC security requirements by defining permissions in the form of allowable or prohibited methods, and by specifying roles as specialized class diagrams that contain those methods. This paper augments this effort by introducing a formal framework for the security of software applications that supports the automatic translation of a role-slice access-control policy (RBAC requirements) into aspect-oriented programming (AOP) enforceme...
Jaime A. Pavlich-Mariscal, Laurent Michel, Steven
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where UML
Authors Jaime A. Pavlich-Mariscal, Laurent Michel, Steven A. Demurjian
Comments (0)