Security@Runtime: A flexible MDE approach to enforce fine-grained security policies

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8364 LNCS, Issue , 2014, Pages 19-34

  Elrakaiby, Yehia ^a   Amrani, Moussa ^a   Le Traon, Yves ^a  

^a UNIVERSITY OF LUXEMBOURG   (Luxembourg)

Author keywords

Access Control; Java Security; Obligations; Security Domain Specific Language; Security Policies

Indexed keywords

ACCESS CONTROL; SECURITY SYSTEMS;

DOMAIN SPECIFIC MODELING LANGUAGES; FINE-GRAINED SECURITY POLICIES; INTEGRATION OF SECURITY; JAVA SECURITY; OBLIGATIONS; POLICY ENFORCEMENT POINTS; SECURITY DOMAINS; SECURITY POLICY;

JAVA PROGRAMMING LANGUAGE;

EID: 84958531967     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-04897-0_2     Document Type: Conference Paper

References (36)

1. Sandhu, R., Park, J.: The UCON ABC usage control model. ACM Transactions on Information and System Security (TISSEC) 7(1), 128-174 (2004)
2. Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: SACMAT 2008, p. 133 (2008)
3. Mont, M.: Dealing with privacy obligations in enterprises. In: ISSE 2004 Securing Electronic Business Processes, pp. 28-30 (2004)
4. Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies. In: NSPW, pp. 87-95 (2000)
5. Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. ACM SIGPLAN Notices 40(6), 305 (2005)
6. de Oliveira, A.S., Wang, E.K., Kirchner, C., Kirchner, H.: Weaving rewrite-based access control policies. In: FMSE, pp. 71-80 (2007)
7. Hamlen, K.W., Jones, M.: Aspect-oriented in-lined reference monitors. In: PLAS, p. 11 (2008)
8. Hussein, S., Meredith, P., Rolu, G.: Security-policy monitoring and enforcement with JavaMOP. In: PLAS, pp. 1-11 (2012)
9. Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C.V., Loingtier, J.M., Irwin, J.: Aspect-Oriented Programming. In: Aķsit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220-242. Springer, Heidelberg (1997)
10. Lodderstedt, T., Basin, D.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Proceedings of the 5th International Conference on The Unified Modeling Language, pp. 426-441 (2002)
11. Mouelhi, T., Fleurey, F., Baudry, B., Le Traon, Y.: A model-based framework for security policy specification, deployment and testing. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., V̈olter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 537-552. Springer, Heidelberg (2008)
12. Morin, B., Mouelhi, T., Fleurey, F., Le Traon, Y., Barais, O., J́eźequel, J.M.: Security-driven model-based dynamic adaptation. In: ASE 2010 (2010)
13. Basin, D., Clavel, M., Egea, M.: A decade of model-driven security. In: SACMAT 2011, pp. 1-10 (2011)
14. Basin, D., Clavel, M., Doser, J., Egea, M.: A Metamodel-Based Approach for Analyzing Security-Design Models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420-435. Springer, Heidelberg (2007)
15. May, M., Gunter, C., Lee, I.: Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In: 19th IEEE Computer Security Foundations Workshop, CSFW 2006 (2006)
16. Barth, A., Datta, A., Mitchell, J., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE Symposium on Security and Privacy (2006)
17. Barth, A., Mitchell, J., Datta, A., Sundaram, S.: Privacy and Utility in Business Processes. In: 20th IEEE Computer Security Foundations Symposium, pp. 279-294 (2007)
18. Lam, P.E., Mitchell, J.C., Sundaram, S.: A formalization of HIPAA for a medical messaging system. In: Fischer-Ḧubner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 73-85. Springer, Heidelberg (2009)
19. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology (TOSEM) 15(1), 39-91 (2006)
20. J̈urjens, J.: UMLsec: Extending UML for secure systems development. In: J́eźequel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412-425. Springer, Heidelberg (2002)
21. Moebius, N., Stenzel, K., Grandy, H., Reif, W.: SecureMDD: a model-driven development method for secure smart card applications. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 841-846 (March 2009)
22. Cuppens, F., Mìege, A.: Modelling contexts in the Or-BAC model. In: ACSAC, pp. 416-425 (2003)
23. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. In: Data & Knowledge Engineering, pp. 1-21 (2011)
24. Jajodia, S., Samarati, P., Subrahmanian, V.: A logical language for expressing authorizations. In: Proceedings of 1997 IEEE Symposium on Security and Privacy, pp. 31-42 (1997)
25. Kagal, L., Finin, T.: A policy language for a pervasive computing environment. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp. 63-74 (2003)
26. Gosling, J., Joy, B., Steele, G., Bracha, G., Buckley, A.: The Java Language Specification. Addison-Wesley Longman (2013)
27. Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: A delegation model for extended RBAC. International Journal of Information Security 9(3), 209-236 (2010)
28. Cuppens, F., Cuppens-Boulahia, N., Ghorbel, M.B.: High Level Conflict Management Strategies in Advanced Access Control Models. Electronic Notes in Theoretical Computer Science 186, 3-26 (2007)
29. Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma, C.: Motorbac 2: a security policy tool. In: 3rd Conference on Security in Network Architectures and Information Systems (SAR-SSI 2008), Loctudy, France, pp. 273-288 (2008)
30. Kateb, D.E., Mouelhi, T., Traon, Y.L., Hwang, J., Xie, T.: Refactoring access control policies for performance improvement. In: ICPE, pp. 323-334 (2012)
31. Molina, F., Toval, A., Śanchez, O., Garca-Molina, J.: ModelSec: A Generative Architecture for Model-Driven Security. Journal of Universal Computer Science 15(15), 2957-2980 (2009)
32. Breu, R., Popp, G., Alam, M.: Model based development of access policies. International Journal on Software Tools for Technology Transfer 9(5-6), 457-470 (2007)
33. emfText, http://www.emftext.org/index.php/EMFText
34. XSB Porlog, http://xsb.sourceforge.net
35. interProlog, http://www.declarativa.com/interprolog
36. Extensible Access Control Markup Language (XACML) version 3.0, http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf