• DocumentCode
    2709806
  • Title

    An Approach for Specifying Access Control Policy in J2EE Applications

  • Author

    Vo, Hieu Dinh ; Suzuki, Masato

  • Author_Institution
    Japan Adv. Inst. of Sci. & Technol., Tokyo
  • fYear
    2007
  • fDate
    4-7 Dec. 2007
  • Firstpage
    422
  • Lastpage
    429
  • Abstract
    Most applications based on J2EE platform use role- based access control as an efficient mechanism to achieve security. The current approach for specifying access rule is based on methods of Enterprise JavaBeans (EJBs). In large-scale systems, where a large number of EJBs are used and the interactions between EJBs are complex, direct use of this method- based approach is error-prone and difficult to maintain. We propose an alternative approach for specifying access control policy based on the concept of business function.
  • Keywords
    Java; authorisation; formal specification; object-oriented programming; Enterprise JavaBeans; J2EE applications; access control policy specification; business function; large-scale system; role-based access control; security; Access control; Application software; Costs; Information science; Information security; Information systems; Java; Large-scale systems; Software engineering; Sun;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering Conference, 2007. APSEC 2007. 14th Asia-Pacific
  • Conference_Location
    Aichi
  • ISSN
    1530-1362
  • Print_ISBN
    0-7695-3057-5
  • Type

    conf

  • DOI
    10.1109/ASPEC.2007.19
  • Filename
    4425883
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2709806