From Formal Access Control Policies to Runtime Enforcement Aspects

  • Slim Kallel
  • Anis Charfi
  • Mira Mezini
  • Mohamed Jmaiel
  • Karl Klose
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5429)


We present an approach that addresses the formal specification and verification as well as the runtime enforcement of RBAC access control policies, including application-specific constraints such as separation of duties (SoD). We introduce Temporal \(\cal{Z}\), a formal language based on Z and temporal logic, which provides domain-specific predicates for expressing RBAC and SoD constraints. An aspect-oriented language with domain-specific concepts for RBAC and SoD constraints is used for the runtime enforcement of policies. Enforcement aspects are automatically generated from Temporal \(\cal{Z}\) specifications, thereby avoiding the errors and inconsistencies that may be introduced when enforcement code is written by hand. Furthermore, the use of aspects ensures the modularity of the enforcement code and its separation from the business logic.
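As an added illustration (not code from the paper or its authors), a Python sketch of the enforcement the abstract describes: an RBAC policy with a static SoD constraint checked once at role assignment and a history-based dynamic SoD constraint checked against the execution trace, with a decorator standing in for the generated "before" advice on each business operation. Roles, users, permissions and payment ids are constructed for the example.

```python
class PolicyViolation(Exception):
    """Raised when an intercepted operation violates the RBAC/SoD policy."""

class RbacMonitor:
    def __init__(self, role_perms, user_roles, static_sod, dynamic_sod):
        self.role_perms = role_perms    # role -> permissions it grants
        self.user_roles = user_roles    # user -> roles assigned to the user
        self.dynamic_sod = dynamic_sod  # permission pairs no user may exercise on one object
        self.history = set()            # trace of (user, permission, obj) already executed
        for user, roles in user_roles.items():  # static SoD: checked once, at role assignment
            for a, b in static_sod:
                if a in roles and b in roles:
                    raise PolicyViolation(f"static SoD: {user} holds both {a} and {b}")

    def authorize(self, user, perm, obj):
        """RBAC check, then history-based (temporal) dynamic SoD check."""
        roles = self.user_roles.get(user, set())
        if not any(perm in self.role_perms.get(r, set()) for r in roles):
            return False
        for p, q in self.dynamic_sod:
            conflicting = {p: q, q: p}.get(perm)
            if conflicting and (user, conflicting, obj) in self.history:
                return False
        return True

    def enforce(self, perm):
        """Decorator standing in for a 'before' advice woven into the business method."""
        def decorator(fn):
            def wrapper(user, obj, *args, **kwargs):
                if not self.authorize(user, perm, obj):
                    raise PolicyViolation(f"{user} may not {perm} {obj}")
                result = fn(user, obj, *args, **kwargs)
                self.history.add((user, perm, obj))  # extend the trace for later SoD checks
                return result
            return wrapper
        return decorator

# Constructed policy for a hypothetical payment workflow (roles, users and ids are made up).
POLICY = RbacMonitor(
    role_perms={"clerk": {"prepare"}, "manager": {"prepare", "approve"}},
    user_roles={"alice": {"clerk"}, "bob": {"manager"}},
    static_sod=[("clerk", "auditor")], dynamic_sod=[("prepare", "approve")],
)

@POLICY.enforce("prepare")
def prepare_payment(user, payment_id):
    return f"{payment_id} prepared by {user}"
@POLICY.enforce("approve")
def approve_payment(user, payment_id):
    return f"{payment_id} approved by {user}"
```

A manager who prepared a payment is refused approval of that same payment, while approval of a different payment still succeeds; a clerk is refused approval outright because no assigned role grants it.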







Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Slim Kallel (1, 2)
  • Anis Charfi (3)
  • Mira Mezini (1)
  • Mohamed Jmaiel (2)
  • Karl Klose (4)
  1. Software Technology Group, Darmstadt University of Technology, Germany
  2. ReDCAD Laboratory, National Engineering School of Sfax, Tunisia
  3. SAP Research CEC Darmstadt, Germany
  4. Department of Computer Science, University of Aarhus, Denmark
