Jeffrey Fischer scite author profile

Marino

et al. 2009

Abstract. Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure correct. We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We formalize and prove sound a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.

show abstract

Ensuring consistency in long running transactions

2007

Flow composition languages permit the construction of longrunning transactions from collections of independent atomic services. Due to environmental limitations, such transactions usually cannot be made to conform to standard ACID semantics. We propose set consistency, a powerful, yet intuitive, notion of consistency for long-running transactions. Set consistency considers the collection of permanent (nonintermittent) changes made by a process, when viewed at the end of its execution. Consistency requirements for such collections of changes are specified as predicates over the atomic actions of a process. Set consistency generalizes selfcancellation, a standard consistency requirement for longrunning transactions, where failed processes are responsible for undoing any partially completed work. Set consistency can also express strictly stronger requirements, such as mutual exclusion or dependency.We show that the set consistency verification problem for processes is co-NP complete and present an algorithm for verifying set consistency by reduction to propositional validity. We have implemented this algorithm and demonstrate the value and tractability of our approach on three real-world case studies. In each case, the consistency requirements can be verified within a second, demonstrating the practicality of our approach.

show abstract

A Theory of Role Composition

2008

Engage

Fischer¹,

Esmaeilsabzali

2012

Many modern applications are built by combining independently developed packages and services that are distributed over many machines with complex inter-dependencies. The assembly, installation, and management of such applications is hard, and usually performed either manually or by writing customized scripts. We present Engage, a system for configuring, installing, and managing complex application stacks. Engage consists of three components: a domain-specific model to describe component metadata and intercomponent dependencies; a constraint-based algorithm that takes a partial installation specification and computes a full installation plan; and a runtime system that co-ordinates the deployment of the application across multiple machines and manages the deployed system. By explicitly modeling configuration metadata and intercomponent dependencies, Engage enables static checking of application configurations and automated, constraint-driven, generation of installation plans across multiple machines. This reduces the tedious manual process of application configuration, installation, and management.We have implemented Engage and we have used it to successfully host a number of applications. We describe our experiences in using Engage to manage a generic platform that hosts Django applications in the cloud or on premises.

show abstract

The Consistency of Web Conversations

Sorrentino

2008