Dynamic Aspect-Oriented Security Policy Enforcement
نویسنده
چکیده
There are many approaches to utilizing aspect-oriented (AO) languages and techniques for the purpose of introducing security into applications. The cross-cutting nature of security has been well documented and therefore the benefit of implementing security using AO techniques logically follows. Authentication, authorization, auditing, logging, etc. are obvious activities that can easily be introduced via aspects. This paper will propose the possibility of utilizing aspectoriented components combined with Execution Monitoring [1] techniques to dynamically generate and enforce security policies within applications.
منابع مشابه
Adaptive Security on Service-based SCM Control System
On a large-scale application subject to dynamic interactions, the description and enforcement of security rules are complex tasks to handle, as they involve heterogeneous entities that do not have the same capabilities. In the context of SCM-application for example, we have different goods that are being transported across different systems. At one point, items and systems communicate together ...
متن کاملLeveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model That Extends NIST RBAC
To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, w...
متن کاملAdaptive Access Control Enforcement in Social Network Using Aspect Weaving
Current social network systems support a large range of applications with very different security requirements. Even if available social network solutions provide some security functionalities, users do not control these functionalities and cannot customize them to handle their specific security needs. In this paper, we suggest a new approach to handle these issues. This approach is based on As...
متن کاملStronger Enforcement of Security Using AOP and Spring AOP
An application security has two primary goals: first, it is intended to prevent unauthorised personnel from accessing information at higher classification than their authorisation. Second, it is intended to prevent personnel from declassifying information. Using an object oriented approach to implementing application security results not only with the problem of code scattering and code tanglin...
متن کاملApplication - Oriented Security Policies and theirCompositionVirgil
We deene the notion of the application-oriented security policy and suggest that it diiers from that of a system-level, global security policy. We view a policy as a conjunction of security properties and argue that these properties are not always independent and, hence, cannot be analyzed (e.g., composed) individually. We also argue that some necessary policy properties fall outside of the Alp...
متن کامل