Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.745416
Title: Enforcing role-based and category-based access control in Java : a hybrid approach
Author: Ali, Asad
Awarding Body: King's College London
Current Institution: King's College London (University of London)
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Access control policies often are partly static, i.e. no dependence on any run-time information, and partly dynamic. However, they are usually enforced dynamically -even the static parts. We propose a new hybrid approach to policy enforcement in the Category-Based Access Control (CBAC) meta-model. We first tackle the challenge of static enforcement of policies following the Role-Based Access Control (RBAC) model, then build on this to enforce, using a hybrid approach, policies following the CBAC model. For the former case, the static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security require-ments into the system’s architecture, helping to ensure that policies are correctly defined and enforced. We apply this new approach to policies restricting calls to methods in Java applications. However, our approach is more general and can be applied to other Object-Oriented languages. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a high-level algorithm for static enforcement. We then adapt and extend this system for hybrid enforcement of CBAC. We modify the static system’s policy language, JPol, to specify static and dynamic categories. We establish an equivalence between static categories and static roles (in RBAC), therefore we are able to use the previous design patterns and static verification algorithm, with some adaptations and changes, to enforce static categories. For dynamic categories, we propose a new design methodology and generate code in the target program to do the necessary run-time checks.
Supervisor: Fernandez, Maria Isabel ; Urban, Christian ; Barker, Steven Graham Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.745416  DOI: Not available
Share: