From formal access control policies to runtime enforcement aspects

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5429 LNCS, Issue , 2009, Pages 16-31

  Kallel, Slim ^a,b   Charfi, Anis ^c   Mezini, Mira ^a   Jmaiel, Mohamed ^b   Klose, Karl ^d  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b UNIVERSITY OF SFAX   (Tunisia)

^c SAP RESEARCH   (Germany)

^d AARHUS UNIVERSITY   (Denmark)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL POLICIES; APPLICATION SPECIFIC; ASPECT-ORIENTED; AUTOMATICALLY GENERATED; BUSINESS LOGIC; DOMAIN SPECIFIC; FORMAL SPECIFICATION AND VERIFICATION; RUNTIMES; SEPARATION OF DUTY; TEMPORAL SPECIFICATION;

COMPUTER SOFTWARE; FORMAL LANGUAGES; LINGUISTICS; SECURITY SYSTEMS; SPECIFICATIONS; TEMPORAL LOGIC;

ACCESS CONTROL;

EID: 70350680976     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-00199-4_2     Document Type: Conference Paper

References (23)

1. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3 (2000)
2. Ligatti, J., Bauer, L., Walker, D.W.: Enforcing non-safety security policies with program monitors. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 355-373. Springer, Heidelberg (2005)
3. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for Role-based Access Control: Towards a Unified Standard. In: Proc. of RBAC. ACM, New York (2000)
4. Gligor, V.D., Gavrila, S.I., Ferraiolo, D.F.: On the formal definition of separation-of-duty policies and their composition. In: Proc. of Symposium on Security and Privacy. IEEE, Los Alamitos (1998)
5. Spivey, M.: The Z notation: a reference manual. Prentice Hall International Ltd., Englewood Cliffs (1992)
6. Manna, Z., Pnueli, A.: The temporal logic of reactive and concurrent systems. Springer, Heidelberg (1992)
7. Ostermann, K., Mezini, M., Bockisch, C.: Expressive pointcuts for increased modularity. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 214-240. Springer, Heidelberg (2005)
8. Meisels, I., Saaltink, M.: The Z/EVES reference manual (v 1.5) (1997)
9. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15 (2006)
10. Neumann, G., Strembeck, M.: An approach to engineer and enforce context constraints in an RBAC environment. In: Proc. of SACMAT. ACM Press, New York (2003)
11. Schaad, A., Lotz, V., Sohr, K.: A model-checking approach to analysing organisational controls in a loan origination process. In: Proc. of SACMAT. ACM, New York (2006)
12. Regayeg, A., Kacem, A.H., Jmaiel, M.: Towards a formal methodology for designing multiagent applications. In: Eymann, T., Klugl, F., Lamersdorf, W., Klusch, M., Huhns, M.N. (eds.) MATES 2005. LNCS, vol. 3550, pp. 153-164. Springer, Heidelberg (2005)
13. Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220-242. Springer, Heidelberg (1997)
14. Ahn, G.J.: Specification and Classification of Role-based Authorization Policies. In: Proc. of WETICE. IEEE, Los Alamitos (2003)
15. Kallel, S., Charfi, A., Mezini, M., Jmaiel, M.: Combining formal methods and aspects for specifying and enforcing architectural invariants. In: Murphy, A.L., Vitek, J. (eds.) COORDINATION 2007. LNCS, vol. 4467, pp. 211-230. Springer, Heidelberg (2007)
16. Kallel, S., Charfi, A., Mezini,M., Jmaiel,M.: Aspect-based enforcement of formal delegation policies. In: Proc. of CRISIS. IEEE, Los Alamitos (2008)
17. Song, E., Reddy, R., France, R., Ray, I., Georg, G., Alexander, R.: Verifiable composition of access control and application features. In: Proc. of SACMAT. ACM, New York (2005)
18. Ray, I., Li, N., France, R., Kim, D.K.: Using UML to visualize role-based access control constraints. In: Proc. of SACMAT. ACM Press, New York (2004)
19. Duke, R., Smith, G.: Temporal logic and Z specifications. Australian Computer Journal 21, 62-66 (1989)
20. Colcombet, T., Fradet, P.: Enforcing trace properties by program transformation. In: Proc. of POPL. ACM Press, New York (2000)
21. Stolz, V., Bodden, E.: Temporal assertions using AspectJ. In: Proc. of 5th Workshop on Runtime Verification. ENTCS (2005)
22. Chen, K., Lin, C.-W.: An aspect-oriented approach to declarative access control for web applications. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 176-188. Springer, Heidelberg (2006).
23. Verhanneman, T., Piessens, F., Win, B.D., et al.: Implementing a modular access control service to support application-specific policies in caesarJ. In: Proc. of AOMD. ACM Press, New York (2005)