Aspect oriented approach to improvement role based access control systems

The important for Security system designs are required to be flexible enough to support multiple policies. While there are some approaches for implementing several different policies, how to support different models within the same policy family has not been answered with a satisfying solution. This is partly due to the limitation of traditional techniques for designing protection mechanisms, which decompose a system into units of functionality. Unlike the implementation of a new policy, extending a design to support a policy variant involves reusing some implemented functions. With traditional programming techniques it is inevitable to modify the existing functional units directly. In terms of object-orientation, such modifications include introducing new attributes, new member functions, and new definition of existing member functions. These are threats to the good modularity necessary to a flexible design. We propose an aspect-oriented approach to address the problem of supporting different models within the same policy family and to provide flexibility in security system design. As a case study, we present an aspect-oriented design framework for CORBA Access Control subsystem that supports different role-based access control models.