A holistic approach for access control policies: from formal specification to aspect-based enforcement

We present in this paper a novel approach to non-functional safety properties that combines formal methods with Aspect-Oriented Programming (AOP). The approach supports both the formal specification of such properties and their enforcement through runtime monitoring. We apply it to security policies, in particular Role-Based Access Control (RBAC) policies that include application-specific constraints such as separation of duties and delegation. For formal specification, we introduce TemporalZ, a formal language based on Z and temporal logic that provides domain-specific predicates for expressing RBAC policies. For enforcement, we automatically generate modular enforcement code from the formal specification using the aspect-oriented language ALPHA.
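The abstract describes enforcing RBAC policies with separation-of-duty and delegation constraints by runtime monitoring. The following is an added example, written here in Python rather than in TemporalZ or ALPHA, and is not code from the paper: a small reference monitor that makes the same kind of decisions an enforcement aspect would make at each intercepted call. It checks role permissions, static separation of duty (mutually exclusive roles), dynamic separation of duty (the same user may not perform two conflicting actions on the same object, which requires keeping a trace), and delegation with revocation. The roles, users, policy rules and event trace are constructed for illustration; the rule that only directly assigned roles may be delegated is an assumption of this example, not a claim about the paper.

```python
"""Added example, not the paper's code: a minimal runtime reference monitor
for RBAC with static/dynamic separation of duty (SoD) and delegation.
The policy, users and event trace below are constructed for illustration."""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when an event would violate the access control policy."""


@dataclass
class RBACMonitor:
    # role -> set of (action, resource_type) the role is permitted to perform
    role_perms: dict
    # user -> roles assigned directly by an administrator
    user_roles: dict
    # static SoD: frozensets of two roles no user may hold at the same time
    static_sod: set
    # dynamic SoD: (action_a, action_b) one user may not both perform on one object
    dynamic_sod: set
    # delegatee -> {(delegator, role)} currently in force
    delegations: dict = field(default_factory=dict)
    # trace of authorized events (user, action, object_id): the monitor's state
    history: list = field(default_factory=list)

    def effective_roles(self, user):
        direct = set(self.user_roles.get(user, ()))
        delegated = {role for _, role in self.delegations.get(user, ())}
        return direct | delegated

    def _check_static_sod(self, user, new_role):
        for role in self.effective_roles(user):
            if frozenset((role, new_role)) in self.static_sod:
                raise PolicyViolation(f"static SoD: {user} cannot hold {role} and {new_role}")

    def assign_role(self, user, role):
        self._check_static_sod(user, role)
        self.user_roles.setdefault(user, set()).add(role)

    def delegate(self, delegator, delegatee, role):
        # Assumption of this example: only directly assigned roles may be
        # delegated, so a delegated role cannot be re-delegated.
        if role not in self.user_roles.get(delegator, ()):
            raise PolicyViolation(f"{delegator} does not hold {role} directly")
        self._check_static_sod(delegatee, role)  # delegation must respect static SoD
        self.delegations.setdefault(delegatee, set()).add((delegator, role))

    def revoke_delegation(self, delegator, delegatee, role):
        self.delegations.get(delegatee, set()).discard((delegator, role))

    def authorize(self, user, action, obj_id, obj_type):
        """Decide one intercepted call; record it in the trace if allowed."""
        permitted = any((action, obj_type) in self.role_perms.get(r, ())
                        for r in self.effective_roles(user))
        if not permitted:
            raise PolicyViolation(f"{user} has no role permitting {action} on {obj_type}")
        for a, b in self.dynamic_sod:
            if action not in (a, b):
                continue
            other = b if action == a else a
            if (user, other, obj_id) in self.history:
                raise PolicyViolation(f"dynamic SoD: {user} already did {other} on {obj_id}")
        self.history.append((user, action, obj_id))
        return True


def build_demo_monitor():
    # Constructed policy: clerks create orders, approvers approve them,
    # auditors only read; an auditor may never also be an approver, and
    # nobody may approve an order they created themselves.
    return RBACMonitor(
        role_perms={"clerk": {("create", "order")},
                    "approver": {("approve", "order")},
                    "auditor": {("read", "order")}},
        user_roles={"alice": {"approver"}, "bob": {"clerk"},
                    "dave": {"auditor"}, "erin": {"clerk"}},
        static_sod={frozenset({"approver", "auditor"})},
        dynamic_sod={("create", "approve")},
    )


def run_demo():
    """Replay a constructed event trace; return (label, outcome) pairs."""
    m = build_demo_monitor()
    outcomes = []

    def attempt(label, fn):
        try:
            fn()
            outcomes.append((label, "ok"))
        except PolicyViolation as e:
            outcomes.append((label, f"denied: {e}"))

    attempt("bob creates order 42", lambda: m.authorize("bob", "create", "42", "order"))
    attempt("carol approves order 42", lambda: m.authorize("carol", "approve", "42", "order"))
    attempt("alice approves order 42", lambda: m.authorize("alice", "approve", "42", "order"))
    attempt("alice delegates approver to dave", lambda: m.delegate("alice", "dave", "approver"))
    attempt("alice delegates approver to bob", lambda: m.delegate("alice", "bob", "approver"))
    attempt("bob creates order 43", lambda: m.authorize("bob", "create", "43", "order"))
    attempt("bob approves order 43", lambda: m.authorize("bob", "approve", "43", "order"))
    attempt("erin creates order 44", lambda: m.authorize("erin", "create", "44", "order"))
    attempt("bob approves order 44", lambda: m.authorize("bob", "approve", "44", "order"))
    attempt("alice revokes bob's delegation", lambda: m.revoke_delegation("alice", "bob", "approver"))
    attempt("bob approves order 45", lambda: m.authorize("bob", "approve", "45", "order"))
    return outcomes


if __name__ == "__main__":
    for label, outcome in run_demo():
        print(f"{label:36} -> {outcome}")
```

The point of keeping `history` is that dynamic separation of duty is a trace property, not a property of a single call: bob's approval of order 43 is denied only because of an earlier event, which is exactly why a monitor of such policies needs state and a temporal specification. Delegation to dave is rejected by the static constraint even though alice legitimately holds the role, and once the delegation to bob is revoked his later approval fails the ordinary permission check.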
