Secure software architecture approach for role-based access control using aspect-oriented design

Organizations define and enforce AC policies to protect sensitive information resources. The policy imposes requirements to ensure that only authorized users have access to the sensitive information resources. Normally, systems for various applications operate with different access control requireme...

Bibliographic Details
Main Author: Saeed Hazaa, Muneer Abdullah
Format: Thesis
Language: English
Published: 2010
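Subjects: Software architecture; Computers - Access control; Electronic information resources - Access control
Online Access: http://psasir.upm.edu.my/id/eprint/70802/1/FSKTM%202010%2011%20UPMIR.pdf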
id my-upm-ir.70802
record_format uketd_dc
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
advisor Abd Ghani, Abdul Azim
topic Software architecture
Computers - Access control
Electronic information resources - Access control
description Organizations define and enforce access control (AC) policies to protect sensitive information resources. The policy imposes requirements to ensure that only authorized users have access to the sensitive information resources. Normally, systems for various applications operate with different access control requirements. Currently, there exist different AC models to fulfill different requirements, such as the mandatory access control (MAC) model, the discretionary access control (DAC) model, the Chinese Wall model, and the Role-based Access Control (RBAC) model. Consequently, a general AC service is one that supports multiple AC models, hence satisfying different applications. Moreover, access control presents itself as a crosscutting concern, that is, it spans multiple object-oriented classes. However, implementing the access control requirements with the conventional object-oriented technique does not fully achieve the modularization of crosscutting functionality. Because of different access control requirements, access control services should be flexible and extensible. This thesis proposes a framework for a role-based access control mechanism using an aspect-oriented technique at the architectural level. An aspect-oriented technique provides the explicit means to modularize crosscutting concerns in modularity units called aspects. An aspect-oriented technique could encapsulate the access control services as crosscutting concerns. RBAC is selected as the model since it is a well-accepted AC model. Instead of individually implementing the mechanism supporting individual AC models, a more general AC service can be designed by supporting the RBAC model only. Thus, the framework provides flexibility in designing a secure system using the role-based access control (RBAC) model. Moreover, an aspect-based role-based access control framework for CORBA authentication services has also been developed and formally verified.
Two case studies have been implemented to verify the workability and the security properties of the proposed framework. In the case studies, the core RBAC mechanism in the framework was organized in an object-oriented design, while each extension was captured as an aspect. This has resulted in a flexible and modularized framework that supports modularization of crosscutting functionality. This framework can be easily extended to fit any new access control requirements. The thesis uses the Predicate/Transition Net (PrTN) to formally verify security properties of the proposed framework. The formal specification written in PrTN was translated into Promela and verified using the SPIN model checker. The security properties of the case studies were correct as expressed in temporal logic formulas.
format Thesis
qualification_level Doctorate
author Saeed Hazaa, Muneer Abdullah
title Secure software architecture approach for role-based access control using aspect-oriented design
granting_institution Universiti Putra Malaysia
publishDate 2010
url http://psasir.upm.edu.my/id/eprint/70802/1/FSKTM%202010%2011%20UPMIR.pdf