Achieving dynamicity in security policies enforcement using aspects

  • Regular Contribution
International Journal of Information Security

Abstract

The dynamic configuration and evolution of large-scale heterogeneous systems has made the enforcement of security requirements one of the most critical phases throughout the system development lifecycle. In this paper, we propose a framework architecture to associate the security policies with the specification and the execution phases of applications defined for these systems. Our proposed framework is based on an aspect-oriented programming approach and on the organization-based access control model to dynamically enforce and manage the access and the usage control. The deployment of the framework modules, proposed in this paper, takes into account the changes that may occur in the security policy during the application execution. We also present the implementation as well as the evaluation of our proposition.

Fig. 1 (adapted and modified from Ayed et al. [3])

Notes

  1. Due to legal reasons and to allow for flexible deployment, we consider that the ITS center will send an advance notification of the possible installation of an application’s service pack. This advance notification is intended to help the user plan for the effective deployment of the application.

References

  1. Alhadidi, D., Boukhtouta, A., Belblidia, N., Debbabi, M., Bhattacharya, P.: The dataflow pointcut: a formal and practical framework. In: AOSD ’09: Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development, pp. 15–26. ACM, New York. (2009). doi:10.1145/1509239.1509244. ISBN 978-1-60558-442-3

  2. Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma-Brebel, C.: MotOrBAC 2: a security policy tool. In: Sarssi’08: 3ème conférence sur la sécurité des architectures réseaux et des systèmes d’information. Loctudy (2008)

  3. Ayed, S., Idrees, M.S., Cuppens-Boulahia, N., Pinto, M., Fuentes, L., Cuppens, F.: Security aspects: a framework for enforcement of security policies using AOP. In: Sitis 2013: International Conference on Signal-Image Technology and Internet-Based Systems, ed. IEEE, pp. 301–308 (2013)

  4. Cannon, B., Wohlstadter, E.: Enforcing security for desktop clients using authority aspects. In: AOSD ’09: Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development, pp. 255–266. ACM, New York (2009). doi:10.1145/1509239.1509275. ISBN 978-1-60558-442-3

  5. Cannon, B., Wohlstadter, E.: Enforcing security for desktop clients using authority aspects. In: AOSD ’09: Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development, pp. 255–266. (2009). ISBN 978-1-60558-442-3

  6. Coma-Brebel, C.: Interopérabilité et cohérence de politiques de sécurité pour les réseaux auto-organisants. Th. doct.: Informatique, Institut Mines-Télécom-Télécom Bretagne-UBL (2009)

  7. Coma-Brebel, C., Cuppens-Boulahia, N., Cuppens, F., Cavalli, A.R.: A context ontology based approach for secure interoperability. In: HP-SUA 2007: HP Software University Association 2007. Garching/Munich (2007)

  8. Courbis, C., Finkelstein, A.: Weaving aspects into web service orchestrations. In: ICWS ’05: Proceedings of the IEEE International Conference on Web Services, pp. 219–226. IEEE Computer Society, Washington. (2005). doi:10.1109/ICWS.2005.129. ISBN 0-7695-2409-5

  9. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7(4), 285–305 (2008). doi:10.1007/s10207-007-0051-9

  10. Cuppens, F., Cuppens-Boulahia, N., Ghorbel, M.B.: High level conflict management strategies in advanced access control models. Electron. Notes Theor. Comput. Sci. 186, 3–26 (2007). doi:10.1016/j.entcs.2007.01.064

  11. Cuppens, F., Cuppens-Boulahia, N., Viña, E.P.: Adaptive access control enforcement in social network using aspect weaving. In: Proceedings of the 17th International Conference on Database Systems for Advanced Applications, pp. 154–167. (2012). ISBN 978-3-642-29022-0

  12. Curry, E., Mahmoud, Q.H.: Message-oriented middleware. Middlew. Commun. 1–28 (2004). ISBN 978-0-470-86206-3

  13. De Borger, W., De Win, B., Lagaisse, B., Joosen, W.: A permission system for secure AOP. In: AOSD ’10: Proceedings of the 9th International Conference on Aspect-Oriented Software Development, pp. 205–216. ACM, New York. (2010). doi:10.1145/1739230.1739254. ISBN 978-1-60558-958-9

  14. Elrakaiby, Y., Cuppens, F., Cuppens-Boulahia, N.: Formal enforcement and management of obligation policies. Data Knowl. Eng. 71(1), 127–147 (2012). doi:10.1016/j.datak.2011.09.001

  15. Falcone, Y., Jaber, M.: Towards automatic integration of Or-BAC security policies using aspects. In: Software Engineering Research and Practice, pp. 495–499 (2010)

  16. Filman, R., Elrad, T., Clarke, S., Aksit, M.: Aspect-Oriented Software Development. Addison-Wesley Professional, Reading (2004)

  17. Fikes, R., Hayes, P., Horrocks, I.: OWL-QL—a language for deductive query answering on the Semantic Web. Web Semantics: Science, Services and Agents on the World Wide Web 2(1), 19–29 (2004)

  18. Fradet, P., Ha, S.H.T.: Aspects of availability: enforcing timed properties to prevent denial of service. Sci. Comput. Program. 75(7), 516–542 (2010)

  19. Haarslev, V., Moller, R.: RACER: an OWL reasoning agent for the semantic web. In: 1st International Workshop on Applications, Products and Services of Web-Based Support Systems, WCC’03, pp. 91–95 (2003)

  20. Idrees, M.S., Serme, G., Roudier, Y., De Oliveira, A.S., Grall, H., Sudholt, M.: Evolving security requirements in multi-layered service-oriented-architectures. In: SETOP: 4th International Workshop on Autonomous and Spontaneous Security. BELGIQUE, Leuven (2011)

  21. Jones, M., Hamlen, K.W.: Disambiguating aspect-oriented security policies. In: AOSD ’10: Proceedings of the 9th International Conference on Aspect-Oriented Software Development, pp. 193–204. ACM, New York (2010). doi:10.1145/1739230.1739253. ISBN 978-1-60558-958-9

  22. Kalam, A.A.E., Benferhat, S., Miège, A., El Baida, R., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization based access control. In: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks. Policy ’03, 120. IEEE Computer Society, Washington. (2003). ISBN 0-7695-1933-4. http://dl.acm.org/citation.cfm?id=826036.826869

  23. Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (2003). doi:10.1109/POLICY.2003.1206966

  24. Kiczales, G.: Aspect-oriented programming. ACM Comput. Surv 28(4es), 154 (1996)

  25. O’Connor, M., Das, A.: SQWRL: a query language for OWL. In: Proceedings of the 5th International Workshop on OWL: Experiences and Directions. Owled’09 (2009)

  26. Ponnalagu, K., Narendra, N.C., Krishnamurthy, J., Ramkumar, R.: Aspect-oriented approach for non-functional adaptation of composite web services. In: Services, 2007 IEEE Congress on, pp. 284–291. (2007). doi:10.1109/SERVICES.2007.18

  27. Prud’hommeaux, E., Seaborne, A.: SPARQL Query Language for RDF. Recommendation, W3C (2008)

  28. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996). doi:10.1109/2.485845

  29. Vinoski, S.: Advanced message queuing protocol. IEEE Internet Comput. 10(6), 87–89 (2006). doi:10.1109/MIC.2006.116

  30. Xu, D., Goel, V., Nygard, K.E., Wong Eric, W.: Aspect-oriented specification of threat-driven security requirements. Int. J. Comput. Appl. Technol. 31(1/2), 131–140 (2008). doi:10.1504/IJCAT.2008.017725

Author information

Correspondence to Samiha Ayed.

Cite this article

Ayed, S., Idrees, M.S., Cuppens, N. et al. Achieving dynamicity in security policies enforcement using aspects. Int. J. Inf. Secur. 17, 83–103 (2018). https://doi.org/10.1007/s10207-016-0357-6

  • DOI: https://doi.org/10.1007/s10207-016-0357-6
