Journal Article, DOI: 10.1109/TSE.2011.6
Aspectizing Java Access Control
TL;DR: This study describes the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP), and shows a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure.
Abstract: It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: It is difficult to be confident about the security of an application when the implementation of its security-related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a nonmodular implementation based on runtime stack inspection. We describe the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP). We first show a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure. We then put forward a novel solution via dynamic deployment of aspects and scoping strategies. Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. However, relying on expressive scope control results in a compact implementation, which, at the same time, permits the straightforward expression of even more interesting policies. These new modular implementations allowed by AOP alleviate maintenance and evolution issues produced by the crosscutting nature of access control.
Citations
•Journal Article
An overview of AspectJ
TL;DR: AspectJ is a simple and practical aspect-oriented extension to Java. With just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns.
2.9K
Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation
Philipp Holzinger, Ben Hermann, Johannes Lerch, Eric Bodden, Mira Mezini
- 22 May 2017
TL;DR: The proposed changes significantly harden the JCL against attacks: they effectively hinder the introduction of new confused-deputy vulnerabilities in future library versions, and successfully restrict the capabilities of attackers when exploiting certain existing vulnerabilities.
15
Secure and modular access control with aspects
Rodolfo Toledo, Éric Tanter
- 24 Mar 2013
TL;DR: It is demonstrated that it is possible to fully modularize aspect control, even in the presence of untrusted aspects, by describing a self-protecting aspect that secures ModAC and using a core calculus for AspectScript, an aspect-oriented extension of JavaScript, to prove effectiveness and non-interference properties of ModAC.
Advanced Java Wizardry: Delving into Cutting-Edge Concepts for Scalable and Secure Coding
Takudzwa Fadziso, Vishal Reddy Vadiyala, Parikshith Reddy Baddam
TL;DR: This study provides developers with the information and skills to construct robust and high-performing applications and covers subjects such as microservices architecture, reactive programming, and security best practices, among other topics.
14
An approach for deploying and monitoring dynamic security policies
TL;DR: This paper presents an approach based on the combination of monitoring and detection techniques in order to maintain the correlation between the security policies and the associated functionality deployed using AOP, allowing the INTER-TRUST framework to automatically react when needed.
7
References
•Journal Article
An overview of AspectJ
TL;DR: AspectJ is a simple and practical aspect-oriented extension to Java. With just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns.
2.9K
Enforceable security policies
TL;DR: A precise characterization is given for the class of security policies enforceable with mechanisms that work by monitoring system execution, and automata are introduced for specifying exactly that class of security policies.
The Chinese Wall security policy
D.F.C. Brewer, M.J. Nash
- 01 May 1989
TL;DR: The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions, and conclude that it is perhaps as significant to the financial world as Bell-LaPadula's policies are to the military.
1K
Access Control: Policies, Models, and Mechanisms
Pierangela Samarati, Sabrina De Capitani di Vimercati
- 01 Sep 2000
TL;DR: This chapter investigates the basic concepts behind access control design and enforcement, and points out different security requirements that may need to be taken into consideration.
•Journal Article
Access control: Policies, models, and mechanisms
TL;DR: In this article, the basic concepts behind access control design and enforcement are investigated, different security requirements that may need to be taken into consideration are pointed out, and several access control policies and models formalizing them are discussed.
643