Aspectizing Java access control
Author: | Éric Tanter, Angel Núñez, Rodolfo Toledo, Jacques Noyé |
---|---|
Contributors: | Departemento de Ciencias de la Computacion [Santiago] (DCC), Universidad de Chile = University of Chile [Santiago] (UCHILE), Laboratoire d'Informatique de Nantes Atlantique (LINA), Centre National de la Recherche Scientifique (CNRS), Mines Nantes, Université de Nantes (UN), Aspect and composition languages (ASCOLA), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria), Département informatique - EMN |
Language: | English |
Year of publication: | 2012 |
Subject: |
[INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL]
Java; Computer science; Programming language; Aspect-oriented programming; ACM: D.: Software/D.3: PROGRAMMING LANGUAGES/D.3.3: Language Constructs and Features; Software engineering; Access control; AspectJ; Context (language use); Engineering and technology; [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE]; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]; Software deployment; Electrical engineering, electronic engineering, information engineering; Artificial intelligence & image processing; Implementation; Software; Scope (computer science) |
Source: | IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, 2011, 38 (1), pp.101-117. ⟨10.1109/TSE.2011.6⟩; Artículos CONICYT, CONICYT Chile, instacron:CONICYT |
ISSN: | 0098-5589 |
DOI: | 10.1109/TSE.2011.6 |
Description: | It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: It is difficult to be confident about the security of an application when the implementation of its security-related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a nonmodular implementation based on runtime stack inspection. We describe the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP). We first show a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure. We then put forward a novel solution via dynamic deployment of aspects and scoping strategies. Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. However, relying on expressive scope control results in a compact implementation, which, at the same time, permits the straightforward expression of even more interesting policies. These new modular implementations allowed by AOP alleviate maintenance and evolution issues produced by the crosscutting nature of access control. |
Database: | OpenAIRE |