A formal approach to derive an aspect oriented programming-based implementation of a secure access control filter

Abstract : Context: Nowadays, Information Systems (IS) are at the heart of most companies and constitute then a critical element that needs an adequate attention regarding security issues of sensitive data it manages. Objective: This paper presents a formal approach for the development of a lter to secure access to sensitive resources of information systems. Method: The proposed approach consists of three complementary steps. Designers start by modeling the functionalities of the system and its security requirements using dedicated UML diagrams. These diagrams are then automatically translated into a formal B specication suitable not only for reasoning about data integrity checking but also for the derivation of a trustworthy implementation. Indeed, a formal renement process is applied on the generated B specication to obtain a relationallike B implementation which is then translated into an AspectJ implementation, connected to a SQL Server (release 2014) relational database system. Such a generation is performed following the aspect oriented programming paradigm which permits a separation of concerns by making a clear distinction between functional and security aspects. Results: A systematic formal approach to derive a secure lter that regulates access to the sensitive data of an information system. The lter considers both static and dynamic access rules. A tool that supports the proposed approach is also provided. Conclusion: The approach has been applied on several case studies that demonstrate that the development of a tool permits to free the developers from tedious and error-prone tasks since they have just to push a button to generate the AspectJ code of an application
Type de document :
Article dans une revue
Information and Software Technology, Elsevier, 2017, 92, pp.158 - 178. 〈10.1016/j.infsof.2017.08.001〉
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01692569
Contributeur : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School <>
Soumis le : jeudi 25 janvier 2018 - 11:50:07
Dernière modification le : samedi 27 janvier 2018 - 01:14:37

Identifiants

Citation

Amel Mammar, Thi Mai Nguyen, Régine Laleau. A formal approach to derive an aspect oriented programming-based implementation of a secure access control filter. Information and Software Technology, Elsevier, 2017, 92, pp.158 - 178. 〈10.1016/j.infsof.2017.08.001〉. 〈hal-01692569〉

Partager

Métriques

Consultations de la notice

63