An architectural model for access control frameworks extensible for different authorization models

Detalhes bibliográficos
Autor(a) principal: Jefferson de Oliveira Silva
Data de Publicação: 2013
Tipo de documento: Dissertação
Idioma: eng
Título da fonte: Biblioteca Digital de Teses e Dissertações do ITA
Texto Completo: http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=2840
Resumo: Authorization in its most basic form can be reduced to a simple question: "a subject X may access a resource Y?" A subject is a process, which is the representative of a user or an active external agent in a system. A resource is anything worth protecting such as files or services. The attempt to implement an adequate response to the authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, as a way of reusing larger portions of software. The present authorization context has demanded for applications able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by mingling business and authorization concerns into the code. This dissertation thesis proposes an extensible and decoupled architectural model, which allows the separation of authorization from business concerns. The Esfinge Guardian framework is proposed, instantiated based on the architectural model and made available as an open source tool. An application is created as an experiment, in which some authorization scenarios have been implemented and the achieved modularity is evaluated. Additionally, a comparative analysis among academic and industry frameworks is realized. As a result, software developers using Esfinge Guardian should be able to write code respecting the software engineering principle of separation of concerns.
id ITA_6a891a483441329f32cb5e408fc161e7
oai_identifier_str oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:2840
network_acronym_str ITA
network_name_str Biblioteca Digital de Teses e Dissertações do ITA
spelling An architectural model for access control frameworks extensible for different authorization modelsArquitetura de softwareControle de acessoMetadadosSegurançaDesenvolvimento de softwareEngenharia de softwareAuthorization in its most basic form can be reduced to a simple question: "a subject X may access a resource Y?" A subject is a process, which is the representative of a user or an active external agent in a system. A resource is anything worth protecting such as files or services. The attempt to implement an adequate response to the authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, as a way of reusing larger portions of software. The present authorization context has demanded for applications able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by mingling business and authorization concerns into the code. This dissertation thesis proposes an extensible and decoupled architectural model, which allows the separation of authorization from business concerns. The Esfinge Guardian framework is proposed, instantiated based on the architectural model and made available as an open source tool. An application is created as an experiment, in which some authorization scenarios have been implemented and the achieved modularity is evaluated. Additionally, a comparative analysis among academic and industry frameworks is realized. As a result, software developers using Esfinge Guardian should be able to write code respecting the software engineering principle of separation of concerns.Instituto Tecnológico de AeronáuticaEduardo Martins GuerraClovis Torres FernandesJefferson de Oliveira Silva2013-12-06info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesishttp://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=2840reponame:Biblioteca Digital de Teses e Dissertações do ITAinstname:Instituto Tecnológico de Aeronáuticainstacron:ITAenginfo:eu-repo/semantics/openAccessapplication/pdf2019-02-02T14:04:59Zoai:agregador.ibict.br.BDTD_ITA:oai:ita.br:2840http://oai.bdtd.ibict.br/requestopendoar:null2020-05-28 19:40:12.146Biblioteca Digital de Teses e Dissertações do ITA - Instituto Tecnológico de Aeronáuticatrue
dc.title.none.fl_str_mv An architectural model for access control frameworks extensible for different authorization models
title An architectural model for access control frameworks extensible for different authorization models
spellingShingle An architectural model for access control frameworks extensible for different authorization models
Jefferson de Oliveira Silva
Arquitetura de software
Controle de acesso
Metadados
Segurança
Desenvolvimento de software
Engenharia de software
title_short An architectural model for access control frameworks extensible for different authorization models
title_full An architectural model for access control frameworks extensible for different authorization models
title_fullStr An architectural model for access control frameworks extensible for different authorization models
title_full_unstemmed An architectural model for access control frameworks extensible for different authorization models
title_sort An architectural model for access control frameworks extensible for different authorization models
author Jefferson de Oliveira Silva
author_facet Jefferson de Oliveira Silva
author_role author
dc.contributor.none.fl_str_mv Eduardo Martins Guerra
Clovis Torres Fernandes
dc.contributor.author.fl_str_mv Jefferson de Oliveira Silva
dc.subject.por.fl_str_mv Arquitetura de software
Controle de acesso
Metadados
Segurança
Desenvolvimento de software
Engenharia de software
topic Arquitetura de software
Controle de acesso
Metadados
Segurança
Desenvolvimento de software
Engenharia de software
dc.description.none.fl_txt_mv Authorization in its most basic form can be reduced to a simple question: "a subject X may access a resource Y?" A subject is a process, which is the representative of a user or an active external agent in a system. A resource is anything worth protecting such as files or services. The attempt to implement an adequate response to the authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, as a way of reusing larger portions of software. The present authorization context has demanded for applications able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by mingling business and authorization concerns into the code. This dissertation thesis proposes an extensible and decoupled architectural model, which allows the separation of authorization from business concerns. The Esfinge Guardian framework is proposed, instantiated based on the architectural model and made available as an open source tool. An application is created as an experiment, in which some authorization scenarios have been implemented and the achieved modularity is evaluated. Additionally, a comparative analysis among academic and industry frameworks is realized. As a result, software developers using Esfinge Guardian should be able to write code respecting the software engineering principle of separation of concerns.
description Authorization in its most basic form can be reduced to a simple question: "a subject X may access a resource Y?" A subject is a process, which is the representative of a user or an active external agent in a system. A resource is anything worth protecting such as files or services. The attempt to implement an adequate response to the authorization question has produced many access control models and mechanisms. The development of the authorization mechanisms usually employs frameworks, as a way of reusing larger portions of software. The present authorization context has demanded for applications able to handle security policies of multiple access control models. Industry has resolved this problem in a pragmatic way, by mingling business and authorization concerns into the code. This dissertation thesis proposes an extensible and decoupled architectural model, which allows the separation of authorization from business concerns. The Esfinge Guardian framework is proposed, instantiated based on the architectural model and made available as an open source tool. An application is created as an experiment, in which some authorization scenarios have been implemented and the achieved modularity is evaluated. Additionally, a comparative analysis among academic and industry frameworks is realized. As a result, software developers using Esfinge Guardian should be able to write code respecting the software engineering principle of separation of concerns.
publishDate 2013
dc.date.none.fl_str_mv 2013-12-06
dc.type.driver.fl_str_mv info:eu-repo/semantics/publishedVersion
info:eu-repo/semantics/masterThesis
status_str publishedVersion
format masterThesis
dc.identifier.uri.fl_str_mv http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=2840
url http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=2840
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Instituto Tecnológico de Aeronáutica
publisher.none.fl_str_mv Instituto Tecnológico de Aeronáutica
dc.source.none.fl_str_mv reponame:Biblioteca Digital de Teses e Dissertações do ITA
instname:Instituto Tecnológico de Aeronáutica
instacron:ITA
reponame_str Biblioteca Digital de Teses e Dissertações do ITA
collection Biblioteca Digital de Teses e Dissertações do ITA
instname_str Instituto Tecnológico de Aeronáutica
instacron_str ITA
institution ITA
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações do ITA - Instituto Tecnológico de Aeronáutica
repository.mail.fl_str_mv
subject_por_txtF_mv Arquitetura de software
Controle de acesso
Metadados
Segurança
Desenvolvimento de software
Engenharia de software
_version_ 1706809291785109504

Registros relacionados