Reflective Authorization Systems: Possibilities, Benefits, and Drawbacks

We analyze how to use the reflective approach to integrate an authorization system into a distributed object-oriented framework. The expected benefits of the reflective approach are: more stability of the security layer (i.e., a more limited number of hidden bugs), better software and development modularity, more reusability, and the possibility of adapting the security module to other applications with at most a few changes. Our analysis is supported by simple and illustrative examples written in Java.
