基于角色的访问控制的静态实施

International Workshop on Automated Specification and Verification of Web Sites Pub Date : 2014-09-08 DOI:10.4204/EPTCS.163.4

Asad Ali, M. Fernández

{"title":"基于角色的访问控制的静态实施","authors":"Asad Ali, M. Fernández","doi":"10.4204/EPTCS.163.4","DOIUrl":null,"url":null,"abstract":"We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.","PeriodicalId":233765,"journal":{"name":"International Workshop on Automated Specification and Verification of Web Sites","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Static Enforcement of Role-Based Access Control\",\"authors\":\"Asad Ali, M. Fernández\",\"doi\":\"10.4204/EPTCS.163.4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.\",\"PeriodicalId\":233765,\"journal\":{\"name\":\"International Workshop on Automated Specification and Verification of Web Sites\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Workshop on Automated Specification and Verification of Web Sites\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4204/EPTCS.163.4\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Workshop on Automated Specification and Verification of Web Sites","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4204/EPTCS.163.4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

我们提出了一种新的基于角色的访问控制(RBAC)策略执行的静态方法。我们提倡的静态方法包括一种新的设计方法，用于涉及RBAC的应用程序，它将安全需求集成到系统的体系结构中。我们将这种新方法应用于限制对Java应用程序中方法调用的策略。我们提供了一种语言来表达Java中调用方法时的RBAC策略，一组Java程序必须遵循的设计模式，以便静态执行策略，以及静态验证器为静态执行所做的检查的描述。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Static Enforcement of Role-Based Access Control

We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Workshop on Automated Specification and Verification of Web Sites

自引率

0.00%

发文量