Generation of Role Based Access Control Security Policies for Java Collaborative Applications

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.41

Jérémy Briffaut, Xavier Kauffmann-Tourkestansky, Jean-François Lalande, W. Smari

{"title":"Generation of Role Based Access Control Security Policies for Java Collaborative Applications","authors":"Jérémy Briffaut, Xavier Kauffmann-Tourkestansky, Jean-François Lalande, W. Smari","doi":"10.1109/SECURWARE.2009.41","DOIUrl":null,"url":null,"abstract":"Java collaborative applications are increasingly and widely used in the form of applets or servlets, as a way to easily download and execute small programs on one's computer. However, security associated with these downloaded applications, even if it exists, is not easily manageable. Most of the time, it relies on the user's ability to define a security policy for his virtual machine, which is undesirable. This paper proposes to integrate an RBAC mechanism for any Java application. It introduces a simple tag process that allows the developer to incorporate the appropriate policy in the source code of his application. The user is endowed with the ability to choose a role that corresponds to the required level of trust required in order for him to embed the policy in the executed code. A case study of a collaborative application shows how works the proposed API for managing roles, generating policies and logging in. At the end, a discussion about the dynamic enforcement of the generated policies is presented.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.41","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Java collaborative applications are increasingly and widely used in the form of applets or servlets, as a way to easily download and execute small programs on one's computer. However, security associated with these downloaded applications, even if it exists, is not easily manageable. Most of the time, it relies on the user's ability to define a security policy for his virtual machine, which is undesirable. This paper proposes to integrate an RBAC mechanism for any Java application. It introduces a simple tag process that allows the developer to incorporate the appropriate policy in the source code of his application. The user is endowed with the ability to choose a role that corresponds to the required level of trust required in order for him to embed the policy in the executed code. A case study of a collaborative application shows how works the proposed API for managing roles, generating policies and logging in. At the end, a discussion about the dynamic enforcement of the generated policies is presented.

查看原文本刊更多论文

基于角色的Java协作应用访问控制安全策略的生成

Java协作应用程序越来越广泛地以applet或servlet的形式使用，作为在计算机上轻松下载和执行小程序的一种方式。然而，与这些下载的应用程序相关联的安全性，即使存在，也不容易管理。大多数情况下，它依赖于用户为其虚拟机定义安全策略的能力，这是不可取的。本文建议为任何Java应用程序集成RBAC机制。它引入了一个简单的标记过程，允许开发人员将适当的策略合并到其应用程序的源代码中。用户可以选择与所需信任级别相对应的角色，以便将策略嵌入到执行的代码中。一个协作应用程序的案例研究展示了提议的API如何管理角色、生成策略和登录。最后，对生成策略的动态执行进行了讨论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量