Aspect oriented approach to improvement role based access control systems

Security system designs are required to be flexible enough to support multiple policies. While there are some approaches for implementing several different policies, the question of how to support different models within the same policy family has not been answered with a satisfying solution. This is partly due to the limitation of traditional techniques for designing protection mechanisms, which decompose a system into units of functionality. Unlike the implementation of a new policy, extending a design to support a policy variant involves reusing some implemented functions. With traditional programming techniques, modifying the existing functional units directly is unavoidable. In terms of object-orientation, such modifications include introducing new attributes, new member functions, and new definitions of existing member functions. These are threats to the good modularity necessary for a flexible design. We propose an aspect-oriented approach to address the problem of supporting different models within the same policy family and to provide flexibility in security system design. As a case study, we present an aspect-oriented design framework for the CORBA Access Control subsystem that supports different role-based access control models.
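The idea can be sketched in a few lines. This is an added example, not code from the paper or its CORBA framework: a flat role-based core is left untouched while a role-hierarchy variant is woven around its role lookup as separate advice. Python method wrapping stands in for an aspect weaver, and all class, role and permission names are constructed.

```python
import functools

class FlatRBAC:
    """Core model: users hold roles, roles hold permissions, no hierarchy."""
    def __init__(self):
        self.user_roles = {}   # user -> set of roles
        self.role_perms = {}   # role -> set of (operation, object) pairs

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role, operation, obj):
        self.role_perms.setdefault(role, set()).add((operation, obj))

    def active_roles(self, user):
        return set(self.user_roles.get(user, ()))

    def access_allowed(self, user, operation, obj):
        return any((operation, obj) in self.role_perms.get(role, ())
                   for role in self.active_roles(user))

def weave_role_hierarchy(cls, juniors_of):
    """Apply around advice to cls.active_roles; return a function that unweaves it.

    juniors_of maps a senior role to the roles whose permissions it inherits.
    """
    proceed = cls.active_roles  # join point: the core role lookup, source unchanged

    @functools.wraps(proceed)
    def around(self, user):
        roles, frontier = set(), list(proceed(self, user))
        while frontier:  # transitive closure; the visited set tolerates cycles
            role = frontier.pop()
            if role not in roles:
                roles.add(role)
                frontier.extend(juniors_of.get(role, ()))
        return roles

    cls.active_roles = around
    return lambda: setattr(cls, "active_roles", proceed)

def demo():
    """Same object, same request: decision before, during and after weaving."""
    rbac = FlatRBAC()
    rbac.assign("alice", "manager")          # constructed sample policy
    rbac.grant("clerk", "read", "ledger")
    before = rbac.access_allowed("alice", "read", "ledger")
    unweave = weave_role_hierarchy(FlatRBAC, {"manager": {"clerk"}})
    during = rbac.access_allowed("alice", "read", "ledger")
    unweave()
    after = rbac.access_allowed("alice", "read", "ledger")
    return before, during, after
```

Weaving changes the access decision for every instance of the class, so which aspects are applied is itself part of the policy configuration that has to be controlled and reviewed.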
