Seamless Secure Development of Systems: From Modeling to Enforcement of Access Control Policies

Author

Parsa, Saeed ; Damanafshan, Morteza

Author_Institution

Iran Univ. of Sci. & Technol., Tehran

fYear

2007

fDate

13-16 May 2007

Firstpage

799

Lastpage

806

Abstract

Despite the emphasis on removing gap between software models and implementation code, there has been made little effort to apply software tools to enforce access control models directly into program code. In this paper the design and implementation of an access control policy enforcement environment is described. Within this environment, view-based access control policies defined in XML Metadata Interchange format are translated into view policy language. The view policy language primitives are then easily translated into Java primitives. At last, these primitives are enforced into Java program code to be secured. Two major benefits of applying the proposed approach for modeling and enforcement of access control policies are rapid development of view-based customized applications and secure enforcement of ordered chain of methods´ executions.

Keywords

Java; XML; authorisation; meta data; software tools; Java primitives; Java program code; XML metadata interchange format; software tools; systems seamless secure development; view policy language; view-based access control policies; Access control; Application software; Bridges; Computer languages; Computer security; Cryptography; Information security; Java; Protection; Software tools;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Systems and Applications, 2007. AICCSA '07. IEEE/ACS International Conference on

Conference_Location

Amman

Print_ISBN

1-4244-1030-4

Electronic_ISBN

1-4244-1031-2

Type

conf

DOI

10.1109/AICCSA.2007.370724

Filename

4231052