Secure Internet Programming pp 35-49 | Cite as
Reflective Authorization Systems: Possibilities, Benefits, and Drawbacks
Chapter
Abstract
We analyze how to use the reflective approach to integrate an authorization system into a distributed object-oriented framework. The expected benefits from the reflective approach are: more stability of the security layer (i.e., with a more limited number of hidden bugs), better software and development modularity, more reusability, and the possibility to adapt the security module with at most a few changes to other applications. Our analysis is supported by simple and illustrative examples written in Java.
Keywords
Authorization Distributed Objects Object Orientation Reflection SecurityPreview
Unable to display preview. Download preview PDF.
References
- [1]Massimo Ancona, Walter Cazzola, Gabriella Dodero, and Vittoria Gianuzzi. Channel Reification: a Reflective Approach to Fault-Tolerant Software Development. In OOPSLA’ 95 (poster section), page 137, Austin, Texas, USA, on 15th–19th October 1995. ACM. Available at http://www.disi.unige.it/person/CazzolaW/references.html.
- [2]Massimo Ancona, Walter Cazzola, Gabriella Dodero, and Vittoria Gianuzzi. Channel Reification: A Reflective Model for Distributed Computation. In proceedings of IEEE International Performance Computing, and Communication Conference (IPCCC’98), 98CH36191, pages 32–36, Phoenix, Arizona, USA, on 16th–18th February 1998. IEEE.Google Scholar
- [3]Ken Arnold and James Gosling. The Java Programming Language. The Java Series... from the Source. Addison-Wesley, Reading, Massachusetts, second edition, December 1997.Google Scholar
- [4]Elisa Bertino, Sabrina De Capitani di Vimercati, Elena Ferrari, and Pierangela Samarati. Exception-Based Information Flow Control in Object-Oriented Systems. ACM Transactions on Information and System Security (TISSEC), 1(1), November 1998.Google Scholar
- [5]W. E. Boebert and R. Y. Kain. A Pratical Alternative to Hierarchical Integrity Policies. In proceedings of 8th National Computing Security Conference, Gaithersburg, October 1985.Google Scholar
- [6]Walter Cazzola. Evaluation of Object-Oriented Reflective Models. In proceedings of ECOOP Workshop on Reflective Object-Oriented Programming and Systems (EWROOPS’98), in 12th European Conference on Object-Oriented Programming (ECOOP’98), Brussels, Belgium, on 20th–24th July 1998. Available at http://www.disi.unige.it/person/CazzolaW/references.html.
- [7]Helen Custer. Inside Windows NT. Microsoft Press, Redmond, WA, 1993.Google Scholar
- [8]Francois-Nicola Demers and Jacques Malenfant. Reflection in Logic, Functional and Object-Oriented Programming: a Short Comparative Study. In proceedings of the workshop section, in IJCAI’95 (International Join Conference on AI), Montréal, Canada, August 1995.Google Scholar
- [9]Eduardo B. Fernandez and J. C. Hawkins. Determining Role Rights from Use Cases. In proceedings of the 2nd ACM Workshop on Role Based Access Control (RBAC’97), pages 121–125, November 1997.Google Scholar
- [10]Eduardo B. Fernandez, Maria M. Larrondo-Petrie, and Ehud Gudes. A Method-Based Authorization Model for Object-Oriented Databases. In proceedings of the OOPSLA’93 Workshop on Security in Object-Oriented Systems, pages 70–79. ACM, 1993.Google Scholar
- [11]Eduardo B. Fernandez, Rita C. Summers, and Christopher Wood. Database Security and Integrity. Addison-Wesley, Reading, Massachusetts, 1981.Google Scholar
- [12]Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in Operating Systems. Communication of the ACM, 19(8):461–471, August 1976.MATHCrossRefMathSciNetGoogle Scholar
- [13]Trent Jaeger, Nayeen Islam, Rangachari Anand, Atul Prakash, and Jochen Liedtke. Flexible Control of Downloaded Executable Content. http://www.ibm.com/Java/education/flexcontrol, 1997.
- [14]Butler W. Lampson. Protection. Operating System Review, 8(1):18–34, January 1974. Reprint.CrossRefGoogle Scholar
- [15]Pattie Maes. Concepts and Experiments in Computational Reflection. In proceedings of OOPSLA’ 87, volume 22 of Sigplan Notices, pages 147–156. ACM, October 1987.Google Scholar
- [16]Edwin Menze, F. Reynolds, and F. Travostino. Programming with System Resources in Support of Real-Time Distributed Applications. In proceedings of the 1996 IEEE Workshop on Object-Oriented Real-Time Dependable Systems, pages 36–45, Laguna Beach, Ca, February 1996. IEEE.Google Scholar
- [17]Ravi Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E Youman. Role-Based Access Control Models. Computer, 29(2):38–47, February 1996.CrossRefGoogle Scholar
- [18]Susann Sonntag, Hermann Härtig, Oliver Kowalski, Winfried Kühnhauser, and Wolfang Lux. Adaptability Using Reflection. In proceedings of the 27th Annual Hawaii International Conference on System Sciences, pages 383–392, 1994.Google Scholar
- [19]Oliver Spatscheck and Larry L. Peterson. Escort: A Path-Based OS Security Architecture. Technical Report TR-97-17, Department of Computer Science, The University of Arizona, Tucson, AZ 85721, November 1997.Google Scholar
- [20]Robert J. Stroud. Transparency and Reflection in Distributed Systems. ACM Operating System Review, 22:99–103, April 1992.Google Scholar
- [21]Robert J. Stroud and Zhixue Wu. Using Metaobject Protocols to Satisfy Non-Functional Requirements. In Chris Zimmerman, editor, Advances in Object-Oriented Metalevel Architectures and Reflection, chapter 3, pages 31–52. CRC Press, Inc., 2000 Corporate Blvd., N.W., Boca Raton, Florida 33431, 1996.Google Scholar
Copyright information
© Springer-Verlag Berlin Heidelberg 1999