Static Enforcement of Role-Based Access Control
نویسندگان
چکیده
We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system’s architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.
منابع مشابه
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملRole-Based-Access-Control: A Novel Approach
We present a novel static approach to Role-Based Access Control policy enforcement. The static approach we advocate includes a novel design methodology, for applications involving RBAC, which integrates the security requirements into the system’s architecture. We apply this novel methodology to policies restricting calls to methods in Java applications. We present a language to express RBAC pol...
متن کاملStatic Enforcement of Role-Based Access Control on Method Invocation
We propose a new static approach to RBAC policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system’s architecture, helping to ensure that policies are correctly defined and enforced. We apply this new approach to policies restricting calls to methods in Java applications. How...
متن کاملHybrid Enforcement of Category-Based Access Control
Access control policies often are partly static, i.e. no dependence on any run-time information, and partly dynamic. However, they are usually enforced dynamically even the static parts. We propose a new hybrid approach to policy enforcement in the Category-Based Access Control (CBAC) meta-model. We build on previous work, which established a static system for the enforcement of (static) hierar...
متن کاملAn Approach to Dynamic Domain and Type Enforcement
Trusted virtual machines based on statically conngured security models are either too restrictive, or too open an environment for many types of applications. The domain and type enforcement model of mandatory access control is a static approach to security that supports the principle of least privilege. We propose a dynamically conngurable variant of domain and type enforcement, in which access...
متن کامل