Static Enforcement of Role-Based Access Control

Asad Ali
Maribel Fernández

We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.

In Maurice H. ter Beek and António Ravara: Proceedings 10th International Workshop on Automated Specification and Verification of Web Systems (WWV 2014), Vienna, Austria, July 18, 2014, Electronic Proceedings in Theoretical Computer Science 163, pp. 36–50.
Published: 8th September 2014.

ArXived at: https://dx.doi.org/10.4204/EPTCS.163.4 bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org