Weaving Rewrite-Based Access Control Policies

Anderson Santana de Oliveira (1), Eric Ke Wang, Claude Kirchner (1, 2), Hélène Kirchner (1, 2)
1 PROTHEO - Constraints, automatic deduction and software properties proofs
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Access control is a central issue among the overall security goals of information systems. Despite the existence of a vast literature on the subject, it is still very hard to assure the compliance of a large existing system with a given dynamic access control policy. Based on our previous work on formal islands, we provide in this paper a systematic methodology to weave dynamic, formally specified policies into existing applications using aspect-oriented programming. To that end, access control policies are formalized using term rewriting systems, allowing us to have an agile, modular, and precise way to specify them and to ensure their formal termination. These high-level descriptions are then woven into the existing code, in such a manner that the resulting program implements a safe reference monitor for the specified policy. For developers, this provides a systematic process to enforce dynamic policies in a modular and flexible way. Since policies are independently specified and checked, to be later woven into various different applications, the level of reuse is improved. We implemented the approach on test cases with quite encouraging results.
Document type:
Conference paper
Heiko Mantel, Virgil Gligor. The 5th ACM Workshop on Formal Methods in Security Engineering - FMSE 2007, Nov 2007, Alexandria, United States. 2007

https://hal.inria.fr/inria-00185710
Contributor: Anderson Santana de Oliveira
Submitted on: Tuesday, November 6, 2007 - 18:31:13
Last modified on: Thursday, January 11, 2018 - 06:19:58

Identifiers

  • HAL Id: inria-00185710, version 1

Citation

Anderson Santana de Oliveira, Eric Ke Wang, Claude Kirchner, Hélène Kirchner. Weaving Rewrite-Based Access Control Policies. Heiko Mantel, Virgil Gligor. The 5th ACM Workshop on Formal Methods in Security Engineering - FMSE 2007, Nov 2007, Alexandria, United States. 2007. 〈inria-00185710〉
