【 摘 要 】

Security is among the most successful applications of aspect-oriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process? We present a metamodel-based transformation from SecureUML, a role-based access control language, to an abstract aspect language. Within this model-driven engineering context, a security policy is represented as an instance of SecureUML's metamodel and the generated aspect is represented as an instance of the abstract aspect language metamodel. Invariants specified on the merged metamodel of SecureUML and the abstract aspect language are checked to validate the generated aspect with respect to the given security policy. We have prototyped our approach as a Java application on top of IT- P/OCL, a rewriting-based OCL evaluator. It outputs validated AspectJ code from a SecureUML policy.

【 预 览 】

附件列表

Files	Size	Format	View
From Access Control Policies to an Aspect-based Infrastructure: A Metamodel-based Approach	282KB	PDF	download