An aspect-based approach to modeling access control concerns

Specifying, enforcing and evolving access control policies is essential to prevent security breaches and unavailability of resources. These access control design concerns impose requirements that allow only authorized users to access protected computer-based resources. Addressing these concerns in a design results in the spreading of access control functionality across several design modules. The pervasive nature of access control functionality makes it difficult to evolve, analyze, and enforce access control policies. To tackle this problem, we propose using an aspect-oriented modeling(AOM) approach for addressing access control concerns. In the AOM approach, functionality that addresses a pervasive access control concern is localized in an aspect. Other functional design concerns are addressed in a model of the application referred to as a primary model. Composing access control aspects with a primary model results in an application model that addresses access control concerns. We illustrate our approach using a form of Role-Based Access Control. q 2003 Elsevier B.V. All rights reserved.