Aspectizing Java Access Control

It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: It is difficult to be confident about the security of an application when the implementation of its security-related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a nonmodular implementation based on runtime stack inspection. We describe the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP). We first show a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure. We then put forward a novel solution via dynamic deployment of aspects and scoping strategies. Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. However, relying on expressive scope control results in a compact implementation, which, at the same time, permits the straightforward expression of even more interesting policies. These new modular implementations allowed by AOP alleviate maintenance and evolution issues produced by the crosscutting nature of access control.
