DocumentCode :
2241827
Title :
An operational semantics of Java 2 access control
Author :
Karjoth, Günter
Author_Institution :
IBM Res. Div., Zurich, Switzerland
fYear :
2000
fDate :
2000
Firstpage :
224
Lastpage :
232
Abstract :
Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provide sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but of the cost of increased complexity. We provide a formal specification of the Java 2 and JAAS access control model that helps remove ambiguities of the informal definitions. It defines Java 2 access control in terms of an abstract machine, whose behavior is determined by a small set of transition rules. We illustrate the power of Java 2 access control by showing how commonly encountered authorization requirements can be implemented in Java 2
Keywords :
Java; authorisation; finite automata; message authentication; object-oriented programming; JAAS; Java 2 access control; Java Authentication and Authorization Service; Java security; abstract machine; code-based authorization; fine-grained access control; formal specification; implicit access rights; operational semantics; user-based authorization; user-configurable authorization; Access control; Authentication; Authorization; Costs; Data security; Formal specifications; Inspection; Java; Permission; Protection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Foundations Workshop, 2000. CSFW-13. Proceedings. 13th IEEE
Conference_Location :
Cambridge
ISSN :
1063-6900
Print_ISBN :
0-7695-0671-2
Type :
conf
DOI :
10.1109/CSFW.2000.856939
Filename :
856939
Link To Document :
بازگشت