An Approach for Generation of J2EE Access Control Configurations from Requirements Specification

2008 The Eighth International Conference on Quality Software Pub Date : 2008-08-12 DOI:10.1109/QSIC.2008.4

Lianshan Sun, Gang Huang, Yanchun Sun, Hui Song, Hong Mei

{"title":"An Approach for Generation of J2EE Access Control Configurations from Requirements Specification","authors":"Lianshan Sun, Gang Huang, Yanchun Sun, Hui Song, Hong Mei","doi":"10.1109/QSIC.2008.4","DOIUrl":null,"url":null,"abstract":"Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.","PeriodicalId":6446,"journal":{"name":"2008 The Eighth International Conference on Quality Software","volume":"8 1","pages":"87-96"},"PeriodicalIF":0.0000,"publicationDate":"2008-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The Eighth International Conference on Quality Software","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QSIC.2008.4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

查看原文本刊更多论文

从需求规范生成J2EE访问控制配置的一种方法

对敏感资源进行访问控制是实现信息安全的一种广泛采用的手段。在基于流行的商业组件中间件(如J2EE)构建大型系统时，强制访问控制的一种常用方法是以声明的方式为组件定义访问控制配置。J2EE安全服务可以解释这些配置，以授予或拒绝对组件的访问请求。然而，对于开发人员来说，根据复杂的、有时模棱两可的实际访问控制需求来定义正确的访问控制配置是很困难的。其难点主要来自于大规模组件系统中配置大量组件方法的复杂性和配置的质量约束，如配置的完整性、一致性和性能开销。在本文中，我们提出了一种需求模型驱动的方法，用于自动生成J2EE访问控制配置，并在J2EE蓝图应用程序中演示了该方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 The Eighth International Conference on Quality Software

自引率

0.00%

发文量