Abstract
The objective of this research is to develop techniques that integrate alternative security concerns (e.g., mandatory access control, delegation, authentication, etc.) into the software process. A framework is proposed to achieve composable security definition, assurance, and enforcement via a model-driven framework that preserves separation of security concerns from modeling through implementation, and provides mechanisms to compose these concerns into the application, while maintaining consistency between design models and code. At modeling-time, separation of concerns (e.g., RBAC, MAC, delegation, authorization, etc.) is emphasized by defining concern-specific modeling languages. At the implementation-level, aspect-oriented programming (AOP) transitions security concerns into modularized code that enforces each concern. This research assumes the use of an underlying object-oriented language with aspect-oriented extensions, and infrastructure to implement the applications and support secure access to the public methods of classes, e.g., Java with AspectJ or C++ with AspectC++.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Basin, D., Doser, J., Lodderstedt, T.: Model driven security, Engineering Theories of Software Intensive Systems (2004)
Pavlich-Mariscal, J.A., Doan, T., Michel, L., Demurjian, S.A., Ting, T.C.: Role Slices: A Notation for RBAC Permission Assignment and Enforcement. In: Proceedings of 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (2005)
Pavlich-Mariscal, J.A., Michel, L., Demurjian, S.A.: A Formal Enforcement Framework for Role-Based Access Control using Aspect-Oriented Programming. In: Briand, L., Williams, C. (eds.) ACM/IEEE 8th International Conference on Model Driven Engineering Languages and Systems, Montego Bay, Jamaica (2005)
Song, E., Reddy, R., France, R., Ray, I., Georg, G., Alexander, R.: Verifiable composition of access control features and applications. In: Proceedings of 10th ACM Symposium on Access Control Models and Technologies, SACMAT 2005 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pavlich-Mariscal, J.A., Demurjian, S.A., Michel, L.D. (2006). A Framework for Composable Security Definition, Assurance, and Enforcement. In: Bruel, JM. (eds) Satellite Events at the MoDELS 2005 Conference. MODELS 2005. Lecture Notes in Computer Science, vol 3844. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663430_41
Download citation
DOI: https://doi.org/10.1007/11663430_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31780-7
Online ISBN: 978-3-540-31781-4
eBook Packages: Computer ScienceComputer Science (R0)