Runtime Enforcement of Dynamic Security Policies

  • Conference paper
Software Architecture (ECSA 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8627)

Abstract

The security policies of an application can change at runtime for several reasons, for example changes in user preferences, a lack of sufficient resources in mobile environments, or the negotiation of security levels between the interacting parties. As these security policies change, the application code that handles the security functionalities should be adapted so that the changing security policies are enforced at runtime. In this paper we present the design, implementation and evaluation of a runtime security adaptation service. This service is based on the combination of autonomic computing and aspect-oriented programming: the security functionalities are implemented as aspects that are dynamically configured, deployed or un-deployed by generating and executing a security adaptation plan. This service is part of the INTER-TRUST framework, a complete solution for the definition, negotiation and run-time enforcement of security policies.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Horcas, JM., Pinto, M., Fuentes, L. (2014). Runtime Enforcement of Dynamic Security Policies. In: Avgeriou, P., Zdun, U. (eds) Software Architecture. ECSA 2014. Lecture Notes in Computer Science, vol 8627. Springer, Cham. https://doi.org/10.1007/978-3-319-09970-5_29

  • DOI: https://doi.org/10.1007/978-3-319-09970-5_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09969-9

  • Online ISBN: 978-3-319-09970-5

  • eBook Packages: Computer Science, Computer Science (R0)
