Achieving dynamicity in security policies enforcement using aspects

The dynamic configuration and evolution of large-scale heterogeneous systems have made the enforcement of security requirements one of the most critical phases of the system development lifecycle. In this paper, we propose a framework architecture that associates security policies with the specification and execution phases of applications defined for these systems. The framework is based on an aspect-oriented programming approach and on the organization-based access control model, and it dynamically enforces and manages access and usage control. The deployment of the framework modules proposed in this paper takes into account the changes that may occur in the security policy during application execution. We also present the implementation and the evaluation of our proposal.
