An Aspect-Oriented Approach to Declarative Access Control for Web Applications

Chen, Kung; Lin, Ching-Wei

doi:10.1007/11610113_17

Kung Chen²¹ &
Ching-Wei Lin²¹

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3841))

Included in the following conference series:

Asia-Pacific Web Conference

829 Accesses
4 Citations

Abstract

This paper presents an aspect-oriented approach to declarative access control for Web applications that can not only realize fine-grained access control requirements but also accomplish it with very little runtime overhead. We devise a translation scheme that will automatically synthesize the desired aspect modules from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 189.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

The Apache Struts Web Application Framework, http://struts.apache.org/
Beznosov, K., Deng, Y.: Engineering Application-level Access Control in Distributed Systems. In: Handbook of Software Engineering and Knowledge Engineering, vol. 1 (2002)
Google Scholar
Chen, K., Huang, C.H.: A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 156–167. Springer, Heidelberg (2005)
Chapter Google Scholar
De Win, B., Piessens, F., Joosen, W., Verhanneman, T.: On the importance of the separation-of-concerns principle in secure software engineering. In: Workshop on the Application of Engineering Principles to System Security Design (2002)
Google Scholar
De Win, B., Vanhaute, B., De Decker, B.: Security Through Aspect-Oriented Programming. In: Advances in Network and Distributed Systems Security, pp. 125–138. Kluwer Academic, Dordrecht (2001)
Google Scholar
Fonseca, C.A.: Extending JAAS for Class Instance-Level Authorization. IBM DeveloperWorks (April 2002), http://www-106.ibm.com/developerworks/java/library/j-jaas/
Gamma, Helm, Johnson, Vlissides: Design Patterns. Addison-Wesley, Reading (1995)
Google Scholar
Goodwin, R., Goh, S.F., Wu, F.Y.: Instance-level access control for business-to-business electronic commerce. IBM System Journal 41(2) (2002)
Google Scholar
Hilsdale, E., Hugunin, J.: Advice Weaving in AspectJ. In: Proceedings of the 3rd International Conference on Aspect-Oriented Software Development, Lancaster, pp. 26–35 (2004)
Google Scholar
Kiczales, G., Lamping, J., Menhdhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)
Chapter Google Scholar
Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: Getting Started with AspectJ. Communications of ACM 44(10), 59–65 (2001)
Article Google Scholar
Lin, C.W.: An Aspect-Oriented Approach to Fine-Grained Access Control for Web Applications. M.S. Thesis, National Chengchi University (July 2005)
Google Scholar
Open Web Application Security Project: The Top Ten Most Critical Web Application Security Vulnerabilities, http://www.owasp.org/documentation/topten
Probst, S., Kueng, J.: The Need for Declarative Security Mechanisms. In: IEEE Proceedings of the 30th EUROMICRO Conference (EUROMICRO 2004) (August 2004)
Google Scholar
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Google Scholar
Sun Microsystems, Java Authentication and Authorization Service (JAAS), http://java.sun.com/products/jaas/index.jsp
Sun Microsystem, Java 2 Platform, Enterprise Edition (J2EE), http://java.sun.com/j2ee/

Download references

Author information

Authors and Affiliations

Department of Computer Science, National Chengchi University, Wenshan, Taipei, 106, Taiwan
Kung Chen & Ching-Wei Lin

Authors

Kung Chen
View author publications
You can also search for this author in PubMed Google Scholar
Ching-Wei Lin
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of ITEE, The University of Queensland, Australia
Xiaofang Zhou
School of Computer Science and Technology, Heilongjiang University, China
Jianzhong Li
School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, Australia
Heng Tao Shen
Institute of Industrial Science, The University of Tokyo, 4-6-1 Komaba, Meguro-ku, 153-8505, Tokyo, Japan
Masaru Kitsuregawa
Victoria University, Australia
Yanchun Zhang

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Chen, K., Lin, CW. (2006). An Aspect-Oriented Approach to Declarative Access Control for Web Applications. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds) Frontiers of WWW Research and Development - APWeb 2006. APWeb 2006. Lecture Notes in Computer Science, vol 3841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11610113_17

Download citation

DOI: https://doi.org/10.1007/11610113_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31142-3
Online ISBN: 978-3-540-32437-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics