An operational semantics of Java 2 access control

Author

Karjoth, Günter

Author_Institution

IBM Res. Div., Zurich, Switzerland

fYear

2000

fDate

2000

Firstpage

224

Lastpage

232

Abstract

Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provide sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but of the cost of increased complexity. We provide a formal specification of the Java 2 and JAAS access control model that helps remove ambiguities of the informal definitions. It defines Java 2 access control in terms of an abstract machine, whose behavior is determined by a small set of transition rules. We illustrate the power of Java 2 access control by showing how commonly encountered authorization requirements can be implemented in Java 2

Keywords

Java; authorisation; finite automata; message authentication; object-oriented programming; JAAS; Java 2 access control; Java Authentication and Authorization Service; Java security; abstract machine; code-based authorization; fine-grained access control; formal specification; implicit access rights; operational semantics; user-based authorization; user-configurable authorization; Access control; Authentication; Authorization; Costs; Data security; Formal specifications; Inspection; Java; Permission; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop, 2000. CSFW-13. Proceedings. 13th IEEE

Conference_Location

Cambridge

ISSN

1063-6900

Print_ISBN

0-7695-0671-2

Type

conf

DOI

10.1109/CSFW.2000.856939

Filename

856939