Access Control: Policies, Models, and Mechanisms

Abstract. Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve technical problems but also to reason on the organization as a whole. This makes the usage of traditional software engineering methologies difficult or unsatisfactory: most proposals focus on protection aspects of security and explicitly deal with low level protection mechanisms and only an handful of them show the ability of capturing the high-level organizational security requirements, without getting suddenly bogged down into security protocols or cryptography algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security, that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach, a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology to address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.

show abstract

“…[15,39,50] are true then L may be true. Essentially, L will be added to the model only if some constraints demand its inclusion.…”

Section: Automated Reasoning In Srementioning

confidence: 99%

Security and Trust Requirements Engineering

Giorgini

Massacci

Zannone

2005

Foundations of Security Analysis and Design III

View full text Add to dashboard Cite

show abstract

“…One salient example is security enforcement, such as access control [48], which can be handled by aspects. In particular, stack-based access control, as provided in Java, requires inspecting the call stack to determine whether a resource can be accessed or not; aspectizing these mechanisms requires pointcuts to access the call context [58].…”

Section: Dealing With Causalitymentioning

confidence: 99%

Chemical foundations of distributed aspects

Tabareau

Tanter

2018

Distrib. Comput.

View full text Add to dashboard Cite

Distributed applications are challenging to program because they have to deal with a plethora of concerns, including synchronization, locality, replication, security and fault tolerance. Aspect-oriented programming (AOP) is a paradigm that promotes better modularity by providing means to encapsulate crosscutting concerns in entities called aspects. Over the last years, a number of distributed aspect-oriented programming languages and systems have been proposed, illustrating the benefits of AOP in a distributed setting.Chemical calculi are particularly well-suited to formally specify the behavior of concurrent and distributed systems. The join calculus is a functional name-passing calculus, with both distributed and object-oriented extensions. It is used as the basis of concurrency and distribution features in several mainstream languages like C# (Polyphonic C#, now Cω), OCaml (JoCaml), and Scala Joins. Unsurprisingly, practical programming in the join calculus also suffers from modularity issues when dealing with crosscutting concerns.We propose the Aspect Join Calculus, an aspectoriented and distributed variant of the join calculus that addresses crosscutting and provides a formal foundation for distributed AOP. We develop a minimal aspect join calculus that allows aspects to advise chemical reactions. We show how to deal with causal relations in pointcuts and how to support advanced customizable aspect weaving semantics. We also provide the foun-N. Tabareau

show abstract

“…Access control policies can be externalized from the application into a separate artifact that is evaluated by a specialized engine at each access attempt [21]. As opposed to in-code access control, this approach, called policy-based access control, increases modularity, avoids application redeployment when a policy is modified, and provides separation of concerns.…”

Section: Background and Related Workmentioning

confidence: 99%

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

Bogaerts

Lagaisse

Joosen

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Policy-based access control is a technology that achieves separation of concerns through evaluating an externalized policy at each access attempt. While this approach has been well-established for requestresponse applications, it is not supported for database queries of datadriven applications, especially for attribute-based policies. In particular, search operations for such applications involve poor scalability with regard to the data set size for this approach, because they are influenced by dynamic runtime conditions. This paper proposes a scalable application-level middleware solution that performs runtime injection of the appropriate rules into the original search query, so that the result set of the search includes only items to which the subject is entitled. Our evaluation shows that our method scales far better than current state of practice approach that supports policy-based access control.

show abstract

Access Control: Policies, Models, and Mechanisms

Cited by 452 publications

References 73 publications

Security and Trust Requirements Engineering

Security and Trust Requirements Engineering

Chemical foundations of distributed aspects

SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

Contact Info

Product

Resources

About