Re-engineering Security as a Crosscutting Concern

Welch, Ian; Stroud, Robert J.

doi:10.1093/comjnl/46.5.578

Cited by 7 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence the flexibility and extensibility of the aspect-orientated paradigm is highly conducive to these types of modifications and extensions. (Rits, 2003), (Robinson et al, 2004), , , (Shreyas, 2003), , (Viega et al, 2001), , (Welch and Stroud, 2003),…”

Section: Discussionmentioning

confidence: 99%

A Taxonomy Of Aspect-Oriented Security

Padayachee

Wakaba

2008

RBIS

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

A Taxonomy Of Aspect-Oriented Security

Padayachee

Wakaba

2008

RBIS

View full text Add to dashboard Cite

“…Welch and Stroud [42] propose an architectural model for modularizing security concerns using reflective security architecture for distributed computing. They compare a thirdparty application secured through inheritance and the proxy pattern with a re-engineered version that uses bytecode manipulation, obtaining a code reduction and a degree of separation of concerns that is not complete.…”

Section: Academic Authorization Frameworkmentioning

confidence: 99%

A Modularity and Extensibility Analysis on Authorization Frameworks

Guerra

Silva

Fernandes

2016

J. Inf. Secur. Cryptogr.

View full text Add to dashboard Cite

Authorization in its most basic form can be reduced to a simple question: “May a subject X access an object Y?” The attempt to implement an adequate response to this authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, which usually implements one access control model, as a way of reusing larger portions of software. However, some authorization requirements, present on recent applications, have demanded for software systems to be able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by using the framework to solve part of the problem, and mingling business and the remaining authorization concerns into the code. The main goal of this paper is to present a comparative analysis between the existing frameworks developed either within the academic and industry environments. This analysis uses a motivating example to present the main industry frameworks and consider the fulfillment of modularity, extensibility and granularity requirements facing its suitability for the existing access control models. This analysis included the Esfinge Guardian framework, which is an open source framework developed by the authors that provides mechanisms that allows its extension to implement and combine different authorization models.

show abstract