Uniform Application-level Access Control Enforcement of Organizationwide Policies

Tine Verhanneman
Katholieke Universiteit Leuven
Belgium

Frank Piessens
Katholieke Universiteit Leuven
Belgium

Bart De Win
Katholieke Universiteit Leuven
Belgium

Wouter Joosen
Katholieke Universiteit Leuven
Belgium

Enforcing fine-grained and expressive access control policies on application resources can only be done in application-level code. Because the burden of translating high-level policy rules into deployment descriptors, configuration files or code is placed entirely on the application deployer, it is hard to enforce such a policy uniformly across the different applications deployed within an organization. To address this problem, the concept of an access interface is introduced as a contract between an organizationwide authorization engine and the various applications that need its services. A view connector ensures that each application complies with this contract. This approach naturally supports the separation-of-concerns principle and, as a consequence, uniform enforcement of an organizationwide policy.
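The following sketch, added here as an illustration and not taken from the paper, shows one way to read the access interface and view connector idea in code. The policy engine evaluates an organizationwide policy purely in terms of an access interface (SubjectView and ResourceView); two toy applications with different internal data models (a dict-based document store and a class-based ticketing system) each supply a view connector that maps their native objects onto that interface, so the same policy is enforced uniformly in both. The names, the sample policy and the session format are assumptions made for the example.

```python
"""Added illustration of an access interface enforced through view connectors.
Not the paper's code: the class names, the sample policy and the two toy
applications are assumptions chosen for this example."""
from dataclasses import dataclass
from typing import Protocol


# --- The access interface: the contract the engine relies on ---------------
class SubjectView(Protocol):
    """Attributes of a caller that the organizationwide policy refers to."""
    user_id: str
    roles: frozenset
    department: str


class ResourceView(Protocol):
    """Attributes of a protected resource that the policy refers to."""
    owner: str
    department: str
    classification: str   # "public" | "internal" | "confidential"


@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset
    department: str


@dataclass(frozen=True)
class Resource:
    owner: str
    department: str
    classification: str


# --- The organizationwide authorization engine ------------------------------
class AuthorizationEngine:
    """Evaluates the policy in terms of the access interface only; it never
    sees an application's native objects."""

    def decide(self, subject: SubjectView, action: str, resource: ResourceView) -> bool:
        # Sample policy (constructed for the example): owners may perform any
        # action on their own resource; members of the same department may
        # read; reading confidential material additionally requires the
        # 'manager' role; everything else is denied.
        if subject.user_id == resource.owner:
            return True
        if action == "read" and subject.department == resource.department:
            if resource.classification == "confidential":
                return "manager" in subject.roles
            return True
        return False


# --- Application 1: a document store that keeps dict records ---------------
def document_connector(record: dict) -> Resource:
    """View connector: maps the store's native record onto the access interface."""
    level = {0: "public", 1: "internal", 2: "confidential"}[record["sensitivity"]]
    return Resource(owner=record["created_by"], department=record["dept"], classification=level)


# --- Application 2: a ticketing system with its own domain class -----------
@dataclass
class Ticket:
    reporter: str
    team: str
    restricted: bool


def ticket_connector(t: Ticket) -> Resource:
    """View connector for the ticketing system; different field names and types,
    same contract towards the engine."""
    return Resource(owner=t.reporter, department=t.team,
                    classification="confidential" if t.restricted else "internal")


def subject_connector(session: dict) -> Subject:
    """View connector for the identity layer's session object (constructed format)."""
    return Subject(user_id=session["sub"], roles=frozenset(session["groups"]),
                   department=session["org_unit"])


ENGINE = AuthorizationEngine()


def can_access(session: dict, action: str, view: Resource) -> bool:
    """Single enforcement entry point shared by every application."""
    return ENGINE.decide(subject_connector(session), action, view)


if __name__ == "__main__":
    alice = {"sub": "alice", "groups": ["staff"], "org_unit": "finance"}
    doc = {"created_by": "bob", "dept": "finance", "sensitivity": 2}
    ticket = Ticket(reporter="carol", team="finance", restricted=False)
    print(can_access(alice, "read", document_connector(doc)))    # False: confidential, not a manager
    print(can_access(alice, "read", ticket_connector(ticket)))   # True: same department, internal
```

Because every application reaches the engine only through its connector, a change to the organizationwide rule (for example, tightening what "confidential" requires) is made once in AuthorizationEngine and applies to both applications without touching their deployment descriptors or code.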

Keywords: access control, separation of concerns, aspect oriented software development