Zás. An Aspect-Oriented Access Control Framework
Main author: | Zenida, Paulo |
---|---|
Publication date: | 2007 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/10071/668 |
Abstract: | Traditionally, access control system architectures are based on the abstract reference monitor model proposed by Anderson, which tries to separate the access control logic from the logic of applications. The implementation of this model has been difficult since access control presents itself as a crosscutting concern, i.e., it crosscuts the functionalities of applications. However, developments in the techniques that support the separation of concerns, particularly aspect-oriented programming, have enabled the development of systems in which the access control code is not scattered through the code of the application. Nevertheless, these solutions are still too specific to a given application. This work presents an access control framework for Java applications, named Zás, which can be reused and which applies the abstract reference monitor proposed by Anderson. This framework supports access control policies using different kinds of context information and allows them to be changed at runtime. Zás was developed in the aspect-oriented programming language AspectJ and it uses Java 5 annotations. We used Zás in several small applications since its inception, so as to gain experience and insight from its application. Nevertheless, to evaluate the performance and applicability of the final version of the Zás framework prototype, we integrated it in a very large Web application called Fénix, which brought us very interesting results, such as showing the ease of applying Zás to already existing applications, and also the main caveats and limitations of Zás. |
id |
RCAP_9ae09b21212be9399872222f761b93a4 |
---|---|
oai_identifier_str |
oai:repositorio.iscte-iul.pt:10071/668 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
author |
Zenida, Paulo |
dc.subject.por.fl_str_mv |
Access control; Authorization; Aspect oriented programming |
publishDate |
2007 |
dc.date.none.fl_str_mv |
2007-07-19 2008-06-12T11:45:55Z 2008-01-01T00:00:00Z 2008 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10071/668 |
dc.language.iso.fl_str_mv |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.format.none.fl_str_mv |
application/pdf application/octet-stream |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
_version_ |
1799134818319990784 |