Extending Java for package based access control

Author

Papa, M. ; Bremer, O. ; Chandia, R. ; Hale, J. ; Shenoi, S.

Author_Institution

Center for Inf. Security, Tulsa Univ., OK, USA

fYear

2000

fDate

36861

Firstpage

67

Lastpage

76

Abstract

This paper describes an extension of the Java language that provides programmable security. The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language translation and a security service library that implements the ticket management infrastructure. The preprocessor translates the extended Java source code to native Java for eventual bytecode interpretation simultaneously binding security services to the native code. The design is simple and flexible and provides developers with an effective tool for programming security within Java packages

Keywords

Java; authorisation; object-oriented programming; program interpreters; software libraries; DAC; Java language; MAC; RBAC; TBAC; bytecode interpretation; language translation preprocessor; package based access control; primitive ticket; programmable security; security service library; source code; syntax; ticket management; Access control; Authorization; Computer science; Data security; Information security; Java; Libraries; Object oriented modeling; Packaging; Protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications, 2000. ACSAC '00. 16th Annual Conference

Conference_Location

New Orleans, LA

Print_ISBN

0-7695-0859-6

Type

conf

DOI

10.1109/ACSAC.2000.898859

Filename

898859