Skip to Main content Skip to Navigation
New interface
Journal articles

Aspectizing Java Access Control

Rodolfo Toledo 1, * Angel Núñez 2, 3 Éric Tanter 1 Jacques Noyé 2, 3 
* Corresponding author
3 ASCOLA - Aspect and composition languages
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
Abstract : It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: it is difficult to be confident about the security of an application when the implementation of its security-related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection. We describe the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP). We first show a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure. We then put forward a novel solution via dynamic deployment of aspects and scoping strategies. Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. However, relying on expressive scope control results in a compact implementation, which, at the same time, permits the straightforward expression of even more interesting policies.
Complete list of metadata
Contributor : Noyé Jacques Connect in order to contact the contributor
Submitted on : Monday, February 21, 2011 - 1:01:30 PM
Last modification on : Wednesday, April 27, 2022 - 3:44:04 AM



Rodolfo Toledo, Angel Núñez, Éric Tanter, Jacques Noyé. Aspectizing Java Access Control. IEEE Transactions on Software Engineering, 2011, 38 (1), pp.101-117. ⟨10.1109/TSE.2011.6⟩. ⟨inria-00567489⟩



Record views