Secure and modular access control with aspects

Toledo, Rodolfo; Tanter, Éric

doi:10.1145/2451436.2451456

Cited by 9 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An around advice can invoke the original computation of the matched join point, known as the proceed invocation. Examples of crosscutting behaviors that can be modularized using aspects are security [Toledo and Tanter, 2013], logging [Miles, 2004], and event handling [Leger et al, 2013].…”

Section: Use Of Aspects In Sync/ccmentioning

confidence: 99%

Continuations and Aspects to Tame Callback Hell on the Web

Leger¹,

Fukuda²,

Figueroa³

2021

jucs

View full text Add to dashboard Cite

JavaScript is one of the main programming languages to develop highly rich responsive and interactive Web applications. In these kinds of applications, the use of asynchronous operations that execute callbacks is crucial. However, the dependency among nested callbacks, known as callback hell, can make it difficult to understand and maintain them, which will eventually mix concerns. Unfortunately, current solutions for JavaScript do not fully address the aforementioned issue. This paper presents Sync/cc, a JavaScript package that works on modern browsers. This package is a proof-of-concept that uses continuations and aspects that allow developers to write event handlers that need nested callbacks in a synchronous style, preventing callback hell. Unlike current solutions, Sync/cc is modular, succinct, and customizable because it does not require ad-hoc and scattered constructs, code refactoring, or adding ad-hoc implementations such as state machines. In practice, our proposal uses a) continuations to only suspend the current handler execution until the asynchronous operation is resolved, and b) aspects to apply continuations in a non-intrusive way. We test Sync/cc with a management information system that administers courses at a university in Chile.

show abstract

Section: Use Of Aspects In Sync/ccmentioning

confidence: 99%

Continuations and Aspects to Tame Callback Hell on the Web

Leger¹,

Fukuda²,

Figueroa³

2021

jucs

View full text Add to dashboard Cite

show abstract

“…Therefore, our approach can be adapted to use with other security models, e.g., Modular Access Control (ModAC) (Toledo et al, 2012), or Ponder Policy Specification Language (Damianou et al, 2001), by defining the relation between the security policies and the security functionalities to be deployed and the security properties to be monitored. For instance, the use of ModAC instead of OrBAC facilitates the encapsulation of the access control functionality as an aspect (Toledo and Tanter, 2013). However, obligation rules provided by OrBAC allow specifying requirements for any kind of functionality (e.g., encryption, integrity), not only access control functionality.…”

Section: Security Frameworkmentioning

confidence: 99%

An approach for deploying and monitoring dynamic security policies

Horcas

Pinto

Fuentes

et al. 2016

Computers & Security

View full text Add to dashboard Cite

Security policies are enforced through the deployment of certain security functionalities within the applications. When the security policies dynamically change, the associated security functionalities currently deployed within the applications must be adapted at runtime in order to enforce the new security policies. INTER-TRUST is a framework for the specification, negotiation, deployment and dynamic adaptation of interoperable security policies, in the context of pervasive systems where devices are constantly exchanging critical information through the network. The dynamic adaptation of the security policies at runtime is addressed using Aspect-Oriented Programming (AOP) that allows enforcing security requirements by dynamically weaving security aspects into the applications. However, a mechanism to guarantee the correct adaptation of the functionality that enforces the changing security policies is needed. In this paper, we present an approach based on the combination of monitoring and detection techniques in order to maintain the correlation between the security policies and the associated functionality deployed using AOP, allowing the INTER-TRUST framework to automatically react when needed.

show abstract

“…AOP has been used to implement security features: access control [37,47], error detection and handling [28], automatic login [51], hardening the security of existing libraries [32] or preventing buffer overflow [43] are some examples where AOP has been used successfully. AOP proves itself a useful and powerful tool as it allows the expression of security concerns that should apply to the whole application while completely decoupling their specification from the application functionality.…”

Section: Related Work 71 Aspect Oriented Programmingmentioning

confidence: 99%

FlowR

Pasquier

Bacon

Shand

2014

Proceedings of the 13th International Conference on Modularity - MODULARITY '14

View full text Add to dashboard Cite

This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an unmodified Platform as a Service (PaaS) cloud infrastructure by IFC-aware web applications. We discuss how Aspect Oriented Programming (AOP) overcomes the limitations of RubyTrack, our first approach. Although use of AOP has been mentioned as a possibility in past IFC literature we believe this paper to be the first illustration of how such an implementation can be attempted.We discuss how we built FlowR (Information Flow Control for Ruby), a library extending Ruby to provide IFC primitives using AOP via the Aquarium open source library. Previous attempts at providing IFC as a language extension required either modification of an interpreter or significant code rewriting. FlowR provides a strong separation between functional implementation and security constraints which supports easier development and maintenance; we illustrate with practical examples. In addition, we provide new primitives to describe IFC constraints on objects, classes and methods that, to our knowledge, are not present in related work and take full advantage of an object oriented language (OO language).The experience reported here makes us confident that the techniques we use for Ruby can be applied to provide IFC for any Object Oriented Program (OOP) whose implementation language has an AOP library.

show abstract

Secure and modular access control with aspects

Cited by 9 publications

References 28 publications

Continuations and Aspects to Tame Callback Hell on the Web

Continuations and Aspects to Tame Callback Hell on the Web

An approach for deploying and monitoring dynamic security policies

FlowR

Contact Info

Product

Resources

About