Zás. An Aspect-Oriented Access Control Framework

Bibliographic details
Main author: Zenida, Paulo
Publication date: 2007
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10071/668
Abstract: Traditionally, access control system architectures are based on the abstract reference monitor model proposed by Anderson, which tries to separate the access control logic from the logic of applications. The implementation of this model has been difficult since access control presents itself as a crosscutting concern, i.e., it crosscuts the functionalities of applications. However, developments in the techniques that support the separation of concerns, particularly aspect oriented programming, have been enabling the development of systems in which the access control code is not scattered through the code of the application. Nevertheless, these solutions are still too specific to a given application. This work presents an access control framework for Java applications, named Zás, which can be reused and which applies the abstract reference monitor proposed by Anderson. This framework supports access control policies using different kinds of context information and allows them to be changed at runtime. Zás was developed in the aspect oriented programming language AspectJ and it uses Java 5 annotations. We used Zás in several small applications since its inception, so as to gain experience and insight from its application. Nevertheless, to evaluate the performance and applicability of the final version of the Zás framework prototype, we integrated it in a very large Web application called Fénix, which brought us very interesting results, such as showing the ease of applying Zás to already existing applications, and also the main caveats and limitations of Zás.
id RCAP_9ae09b21212be9399872222f761b93a4
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/668
topic Access control
Authorization
Aspect oriented programming
publishDate 2007
dc.date.none.fl_str_mv 2007-07-19
2008-06-12T11:45:55Z
2008-01-01T00:00:00Z
2008
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/668
url http://hdl.handle.net/10071/668
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
application/octet-stream
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP