Aspectizing Java Access Control

Rodolfo Toledo 1, * Angel Núñez 2, 3 Éric Tanter 1 Jacques Noyé 2, 3
* Auteur correspondant
3 ASCOLA - Aspect and composition languages
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
Abstract : It is inevitable that some concerns crosscut a sizeable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: it is difficult to be confident about the security of an application when the implementation of its security-related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection. We describe the process of modularizing access control in Java by means of Aspect-Oriented Programming (AOP). We first show a solution based on AspectJ, the most popular aspect-oriented extension to Java, that must rely on a separate automata infrastructure. We then put forward a novel solution via dynamic deployment of aspects and scoping strategies. Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. However, relying on expressive scope control results in a compact implementation, which, at the same time, permits the straightforward expression of even more interesting policies.
Type de document :
Article dans une revue
IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, 2011, 38 (1), pp.101-117. 〈http://doi.ieeecomputersociety.org/10.1109/TSE.2011.6〉. 〈10.1109/TSE.2011.6〉
Liste complète des métadonnées

https://hal.inria.fr/inria-00567489
Contributeur : Noyé Jacques <>
Soumis le : lundi 21 février 2011 - 13:01:30
Dernière modification le : vendredi 22 juin 2018 - 09:30:00

Identifiants

Citation

Rodolfo Toledo, Angel Núñez, Éric Tanter, Jacques Noyé. Aspectizing Java Access Control. IEEE Transactions on Software Engineering, Institute of Electrical and Electronics Engineers, 2011, 38 (1), pp.101-117. 〈http://doi.ieeecomputersociety.org/10.1109/TSE.2011.6〉. 〈10.1109/TSE.2011.6〉. 〈inria-00567489〉

Partager

Métriques

Consultations de la notice

585