A Pattern System for Access Control

To develop trustworthy information systems, security aspects should be considered from the early project stages. This is particularly true for authorization and access control services, which decide which users can access which parts of the system and in what ways. Software patterns have been used with success to encapsulate best practices in software design. A good collection of patterns is an invaluable aid to inexperienced developers designing new systems, and is also useful for teaching and understanding difficult problems. Following this direction, this paper presents a pattern system to describe authorization and access control models. First, we present a set of patterns that includes a basic authorization pattern, which is the basis for patterns for the well-established discretionary and role-based access control models. Metadata access control models have appeared recently to address the high flexibility requirements of open, heterogeneous systems, such as enterprise or e-commerce portals. These models are complex, and we use the basic patterns to develop a set of patterns for metadata-based access control.
