{"title":"Aspect-based enforcement of formal delegation policies","authors":"Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel","doi":"10.1109/CRISIS.2008.4757459","DOIUrl":null,"url":null,"abstract":"Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.","PeriodicalId":346123,"journal":{"name":"2008 Third International Conference on Risks and Security of Internet and Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Risks and Security of Internet and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CRISIS.2008.4757459","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
