A framework for security assurance of access control enforcement code

Computers and Security

Volumn 29, Issue 7, 2010, Pages 770-784

  Pavlich Mariscal, Jaime A ^a   Demurjian, Steven A ^b   Michel, Laurent D ^b  

^a UNIVERSIDAD CATÓLICA DEL NORTE   (Chile)

^b UNIVERSITY OF CONNECTICUT   (United States)

Author keywords

Access control; Formal methods; Security assurance; UML

Indexed keywords

ACCESS CONTROL POLICIES; APPLICATION CODES; ASPECT-ORIENTED; ENFORCEMENT MECHANISMS; INTEGRAL PART; LABELED TRANSITION SYSTEMS; SECURITY ASSURANCE; SIMULATION RELATION; SOFTWARE DEVELOPMENT PROCESS; STRUCTURAL OPERATIONAL SEMANTICS; UML;

FORMAL METHODS; SECURITY SYSTEMS; SOFTWARE DESIGN;

ACCESS CONTROL;

EID: 77956395450     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2010.03.004     Document Type: Article

References (38)

1. Alghathbar K, Wijesekera D. Consistent and complete access control policies in use cases. In Proceedings of the 6th international conference the unified modeling language, Model languages and applications, 2003.
2. D. Alhadidi, N. Belblidia, M. Debbabi, and P. Bhattacharya {lambda} -SAOP: a security aop calculus The Computer Journal 2009
3. AspectJ-Team The AspectJ programming guide 2003 AspectJ-Team
4. ATIS Telecom. Glossary 2000. t1. 523-2001, 2001.
5. D. Basin, J. Doser, and T. Lodderstedt Model driven security Engineering theories of software intensive systems 2005 Springer
6. D. Bell, and L. LaPadula Secure computer systems: mathematical foundations model Technical report 1975 Mitre Corporation
7. Ao Cachopo Jo, and António Rito-Silva Combining software transactional memory with a domain modeling language to simplify web application development ICWE '06: Proceedings of the 6th international conference on Web engineering 2006 ACM New York, NY, USA 297 304
8. Daniel S. Dantas. Analyzing security advice in functional aspect-oriented programming languages. PhD thesis, Princeton, NJ, USA, 2007.
9. Devanbu P, Stubblebine S. Software engineering for security: a roadmap. In: Proceedings of the conference on the future of software engineering, 2000.
10. De-Win B. Engineering application-level security through aspect-oriented software development. PhD thesis, Department of Computer Science, K.U.Leuven, Leuven, Belgium, 2004.
11. Thuong Doan. A framework for software security in UML with assurance. PhD thesis, The University of Connecticut, 2008.
12. DoD Trusted Computer System Evaluation Criteria. 5200.28-STD 1985 DoD
13. Erlingsson, and Schneider SASI enforcement of security policies: a retrospective WNSP: new security paradigms workshop 2000 ACM Press
14. Farias A. Towards a security aspect for java. Master's thesis, Vrije Universiteit Brussel, 2001.
15. D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Chandramouli Proposed NIST standard for role-based access control ACM Transactions on Information and System Security 4 2001 224 274
16. J. Gosling, B. Joy, G. Steele, and G. Bracha The Java Language Specification 3rd ed. The java series 2004 Addison-Wesley
17. William Harrison, Charles Barton, and Mukund Raghavachari Mapping uml designs to java OOPSLA '00: proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications 2000 ACM New York, NY, USA 178 187
18. M. Huang, C. Wang, and L. Zhang Toward a reusable and generic security aspect library AOSDSEC vol. 4 2004 AOSD
19. International Organization for Standardization. ISO/IEC 23270:2003: information technology-C# language specification. 2003.
20. ISO/IEC 14882:2003: Programming languages: C++. 2003.
21. Lamping J, Mendhekar A, Maeda C, Videira Lopes C, Loingtier J-M, Kiczales G, Irwin, J. Aspect-Oriented Programming. In: Proc. of ECOOP 1997, 1997.
22. Tiago Massoni, Rohit Gheyi, and Paulo Borba A framework for establishing formal conformance between object models and object-oriented programs Electronic Notes on Theoretical Computer Science 195 2008 189 209
23. G. McGraw From the ground up: the DIMACS software security workshop IEEE Security & Privacy 1 2003 59 66
24. Robin Milner An algebraic definition of simulation between programs 1971 Technical report Stanford, CA, USA
25. Azzam Mourad, Marc-André Laverdire, and Mourad Debbabi A high-level aspect-oriented-based framework for software security hardening Information Security Journal: A Global Perspective 17 2 2008 56
26. Object Management Group UML 2.0 superstructure Technical report 2005 Object Management Group
27. Object Management Group CORBA component model, v4.0 2006 Object Management Group
28. Pandey R, Hashii B. Providing fine-grained access control for mobile programs through binary editing. Technical Report TR-98-08, 1998.
29. Jaime A. Pavlich-Mariscal, A. StevenDemurjian, and Laurent D. Michel A framework of composable access control features: preserving separation of access control concerns from models to code Computers and Security 2010 (Special Issue on Software Engineering)
30. Benjamin C. Pierce Types and programming languages 2002 MIT Press Cambridge, MA, USA
31. G. Plotkin A structural approach to operational semantics Technical report 1981 University of Aarhus Computer Science Department
32. Andreas Sewe, Christoph Bockisch, and Mira Mezini Aspects and class-based security: a survey of interactions between advice weaving and the java 2 security model VMIL '08: Proceedings of the 2nd Workshop on Virtual Machines and Intermediate Languages for emerging modularization mechanisms 2008 ACM New York, NY, USA 1 7
33. V. Shah, and F. Hill An aspect-oriented security framework Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX'03) vol. 2 2003 Washington, DC, USA, pp. 143-145
34. Slowikowski P, Zielinski K. Comparison study of aspect-oriented and container managed security. In: AAOS2003: Analysis of Aspect Oriented Software. Workshop held in conjunction with ECOOP, 2003.
35. Song E, Reddy R, France R, Ray I, Georg G, Alexander R. Verifiable composition of access control features and applications. In: Proceedings of SACMAT 2005, 2005.
36. SUN Microsystems Enterprise javabeans technology http://java.sun.com/ products/ejb/
37. van Glabbeek RJ. Bisimulation, November 2007.
38. J. Viega, J.T. Bloch, and P. Chandra Applying aspect-oriented programming to security Cutter IT Journal 2001