Anderson Santana de Oliveira, Eric Ke Wang, Claude Kirchner, Hélène Kirchner:
Weaving Rewrite-Based Access Control Policies.
Abstract
Access control is a central issue among the overall security
goals of information systems. Despite the existence of a vast
literature on the subject, it is still very hard to assure the compliance
of a large existing system with a given dynamic access control policy. Based
on our previous work on formal islands, we provide in this paper a
systematic methodology to weave dynamic, formally specified policies on
existing applications using aspect-oriented programming. To that end,
access control policies are formalized using term rewriting systems,
allowing us to have an agile, modular, and precise way to specify and to
ensure their formal termination. These high-level descriptions are then
woven into the existing code, in such a way that the resulting program
implements a safe reference monitor for the specified policy. For
developers, this provides a systematic process to enforce dynamic policies
in a modular and flexible way. Since policies are independently specified
and checked to be later woven into various different applications, the
level of reuse is improved. We implemented the approach on test cases with
quite encouraging results.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-052
@inproceedings{REWERSE-RP-2007-052,
  author    = {Anderson Santana de Oliveira and Eric Ke Wang and Claude Kirchner and H\'{e}l\`{e}ne Kirchner},
  title     = {Weaving Rewrite-Based Access Control Policies},
  booktitle = {Proceedings of 5th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code, George Mason University, USA (2nd November 2007)},
  year      = {2007},
  pages     = {71--80},
  url       = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-052}
}