正式委托策略的基于方面的实施

2008 Third International Conference on Risks and Security of Internet and Systems Pub Date : 2008-10-01 DOI:10.1109/CRISIS.2008.4757459

Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel

{"title":"正式委托策略的基于方面的实施","authors":"Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel","doi":"10.1109/CRISIS.2008.4757459","DOIUrl":null,"url":null,"abstract":"Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Aspect-based enforcement of formal delegation policies\",\"authors\":\"Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel\",\"doi\":\"10.1109/CRISIS.2008.4757459\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.\",\"PeriodicalId\":346123,\"journal\":{\"name\":\"2008 Third International Conference on Risks and Security of Internet and Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Third International Conference on Risks and Security of Internet and Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CRISIS.2008.4757459\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Risks and Security of Internet and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CRISIS.2008.4757459","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

授权是访问控制系统中的一个强大概念，它允许用户将其全部或部分权限分配给其他用户。到目前为止，已经提出了几种基于角色的访问控制委托模型。然而，大多数现有的工作都集中在委托策略的规范上，很少有在运行时监视和执行这些策略的工作。在本文中，我们使用一种安全方法，结合形式化方法和面向方面的编程来指定和执行委托策略。在我们的方法中，委托模型及其特征是使用TemporalZ正式指定的，它是Z符号和时态逻辑的组合。然后，我们使用定理证明来验证形式规范以确保一致性。最后，我们用面向方面语言ALPHA从TemporalZ规范中自动生成一组方面。这些方面在运行时强制执行指定的委托策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Aspect-based enforcement of formal delegation policies

Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 Third International Conference on Risks and Security of Internet and Systems

自引率

0.00%

发文量