Software Architectural Alternatives for User Role-Based Security Policies

Authors

  • Steven A. Demurjian
  • T. C. Ting
  • John A. Reisner
Abstract

Security concerned users and organizations must be provided with the means to protect and control access to object-oriented software, especially with an exploding interest in designing/developing object-oriented software in Java, C++, and Ada95. Our user-role based security (URBS) approach has emphasized: a customizable public interface that appears differently at different times for specific users; security policy specification via a role hierarchy to organize and assign privileges based on responsibilities; and, extensible/reusable URBS enforcement mechanisms. This paper expands our previous work in URBS for an object-oriented framework by exploring software architectural alternatives for realizing enforcement, with the support of assurance and consistency as a key concern for security policies that evolve and change.


Similar resources

Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)

One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...


Memory-Centric Security Architecture

This paper presents a new security architecture for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for the same purpose, the new architecture ties cryptographic properties and security attributes to memory instead of each individual user process. The advantages of such a memory centric design are many folds. First, it provides a b...


Extending RBAC Model to Control Sequences of CRUD Expressions

In database applications, access control is aimed at supervising users’ requests to access sensitive data. Users’ requests are mainly formalized by Create, Read, Update and Delete (CRUD) expressions. The supervision process can be formalized at a high level, such as based on the RBAC model, but in the end the relevant aspect is the data being accessed through each CRUD expression. In critical d...


Modeling Secure Architectural Connector with UML 2.0

Security is one of the most important quality attributes in software architecture. Previous modeling approaches provide insufficient support for an in-depth treatment of security. They lack the ability to model important security concepts. Also they are based on formal syntaxes such as using ADLs. This paper presents a more comprehensive treatment of an important security aspect, access control...


A Paradigm for User-Defined Security Policies

One of today's major challenges in computer security is the ever-increasing multitude of individual, application-specific security requirements. As a positive consequence, a wide variety of security policies has been developed, each policy reflecting the specific needs of individual applications. As a negative consequence, the integration of the multitude of policies into today's system platform...



Publication date: 1997