Achieving dynamicity in security policies enforcement using aspects

The dynamic configuration and evolution of large-scale heterogeneous systems has made the enforcement of security requirements one of the most critical phases throughout the system development lifecycle. In this paper, we propose a framework architecture to associate the security policies with the s...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:International journal of information security Ročník 17; číslo 1; s. 83 - 103
Hlavní autoři: Ayed, Samiha, Idrees, Muhammad Sabir, Cuppens, Nora, Cuppens, Frederic
Médium: Journal Article
Jazyk:angličtina
Vydáno: Berlin/Heidelberg Springer Berlin Heidelberg 01.02.2018
Springer Nature B.V
Témata:
Access
Access control
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer programming
Computer Science
Cryptology
Deployment
Enforcement
Frame analysis
Management of Computing and Information Systems
Modularity
Networks
Operating Systems
Policies
Regular Contribution
Security
Specification
Access control
Usage control
Deployment
AOP
Security policies
ISSN:1615-5262, 1615-5270
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The dynamic configuration and evolution of large-scale heterogeneous systems has made the enforcement of security requirements one of the most critical phases throughout the system development lifecycle. In this paper, we propose a framework architecture to associate the security policies with the specification and the execution phases of applications defined for these systems. Our proposed framework is based on an aspect-oriented programming approach and on the organization-based access control model to dynamically enforce and manage the access and the usage control. The deployment of the framework modules, proposed in this paper, takes into account the changes that may occur in the security policy during the application execution. We also present the implementation as well as the evaluation of our proposition.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-016-0357-6