Abstract
The security policies of an application can change at runtime due to several reasons, as for example the changes on the user preferences, the lack of enough resources in mobile environments or the negotiation of security levels between the interacting parties. As these security policies change, the application code that copes with the security functionalities should be adapted in order to enforce at runtime the changing security policies. In this paper we present the design, implementation and evaluation of a runtime security adaptation service. This service is based on the combination of autonomic computing and aspect-oriented programming, where the security functionalities are implemented as aspects that are dynamically configured, deployed or un-deployed by generating and executing a security adaptation plan. This service is part of the INTER-TRUST framework, a complete solution for the definition, negotiation and run-time enforcement of security policies.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
FP7 European Project INTER-TRUST: Interoperable Trust Assurance Infrastructure, http://www.inter-trust.eu/
Kalam, A., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: POLICY, pp. 120–131 (2003)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)
Sandhu, R.: Lattice-based access control models. Computer 26(11), 9–19 (1993)
IBM: Autonomic Computing White Paper - An architectural blueprint for autonomic computing. IBM Corp. (2005)
Hallsteinsen, S., Hinchey, M., Park, S., Schmid, K.: Dynamic Software Product Lines. Computer 41(4), 93–95 (2008)
Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.M., Irwin, J.: Aspect-Oriented Programming. In: Akşit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol. 1241, pp. 220–242. Springer, Heidelberg (1997)
Mallouli, W., de Oca, E.M., Wehbi, B., Fuentes, L., Pinto, M., Horcas, J.M., Benab, J.B., Prez, J.M.M., Ayed, S., Cuppens, N., Cuppens, F., Toumi, K., Cavalli, A., Kerezsi, E.: Specification and design of the secure interoperability framework and tools - first version. Deliverable D4.2.1, FP7 European Project INTER-TRUST (2013), http://inter-trust.lcc.uma.es/documents/10180/15714/INTER-TRUST-T4.2-MI-DELV-D4.2.1-SpecDesSecInterFram
Haugen, O., Wąsowski, A., Czarnecki, K.: CVL: Common Variability Language. In: SPLC 2012, vol. 2, pp. 266–267 (2012)
Horcas, J.M., Pinto, M., Fuentes, L.: Closing the gap between the specification and enforcement of security policies. In: TrustBus (2014)
Andrade, R., Ribeiro, M., Gasiunas, V., Satabin, L., Rebelo, H., Borba, P.: Assessing idioms for implementing features with flexible binding times. In: CSMR, pp. 231–240 (2011)
Andrade, R., Rebelo, H., Ribeiro, M., Borba, P.: Aspectj-based idioms for flexible feature binding. In: SBCARS, pp. 59–68 (2013)
Arrazola, J., Merle, L.: Specification of the evaluation criteria. Deliverable D5.2, FP7 European Project INTER-TRUST (2013), http://inter-trust.lcc.uma.es/documents/10180/15714/INTER-TRUST+-++D5.2+Specification+of+the+evaluation+criteria/72c26aff-51fa-4117-b9ba-7afcac8468e0
Bernab, J.B., Perez, J.M.M., Skarmeta, A.F., Pasini, R., Viszlai, E., Mallouli, W., Toumi, K., Ayed, S., Pinto, M., Fuentes, L., Horcas, J.M., Arrazola, J., Merle, L., Frontanta, J.L.V.: Results of first evaluation. Deliverable D5.3, FP7 European Project INTER-TRUST (2013), http://inter-trust.lcc.uma.es/documents/10180/15714/INTER-TRUST-T5.3-UMU-DELV-D5.3-ResultsFirstEval-V1.00.pdf/f8547c6e-bdbe-4be2-ade9-0698876d4423
Win, B.D., Piessens, F., Joosen, W.: How secure is AOP and what can we do about it? In: SESS, pp. 27–34. ACM (2006)
Elrakaiby, Y., Amrani, M., Le Traon, Y.: Security@runtime: A flexible mde approach to enforce fine-grained security policies. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS. LNCS, vol. 8364, pp. 19–34. Springer, Heidelberg (2014)
Tan, J.J., Poslad, S.: Dynamic security reconfiguration for the semantic web. Engineering Applications of Artificial Intelligence 17(7), 783–797 (2004)
Tan, J.J., Poslad, S., Titkov, L.: A semantic approach to harmonizing security models for open services. Applied Artificial Intelligence 20(2-4), 353–379 (2006)
Jrjens, J.: Secure Systems Development with UML. Springer (2010)
Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15(1), 39–91 (2006)
Lang, U.: OpenPMF SCaaS: Authorization as a service for cloud amp; SOA applications. In: CloudCom, pp. 634–643 (2010)
Lang, U.: Cloud & SOA application security as a service. In: ISSE 2010 Securing Electronic Business Processes, pp. 61–71 (2011)
Katt, B., Gander, M., Breu, R., Felderer, M.: Enhancing model driven security through pattern refinement techniques. In: Beckert, B., Bonsangue, M.M. (eds.) FMCO 2011. LNCS, vol. 7542, pp. 169–183. Springer, Heidelberg (2012)
Morin, B., Mouelhi, T., Fleurey, F., Traon, Y.L., Barais, O., Jézéquel, J.M.: Security-driven model-based dynamic adaptation. In: ASE, pp. 205–214 (2010)
Dong, W.: Dynamic reconfiguration method for web service based on policy. In: Electronic Commerce and Security, 61–65 (2008)
Gheorghe, G., Crispo, B., Carbone, R., Desmet, L., Joosen, W.: Deploy, adjust and readjust: Supporting dynamic reconfiguration of policy enforcement. In: Kon, F., Kermarrec, A.-M. (eds.) Middleware 2011. LNCS, vol. 7049, pp. 350–369. Springer, Heidelberg (2011)
Cho, H.S., Hwang, S.M.: Mobile cloud policy decision management for mds. In: Lee, G., Howard, D., Kang, J.J., Ślęzak, D. (eds.) ICHIT 2012. LNCS, vol. 7425, pp. 645–649. Springer, Heidelberg (2012)
Gamez, N., Fuentes, L.: Software product line evolution with cardinality-based feature models. In: Schmid, K. (ed.) ICSR 2011. LNCS, vol. 6727, pp. 102–118. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Horcas, JM., Pinto, M., Fuentes, L. (2014). Runtime Enforcement of Dynamic Security Policies. In: Avgeriou, P., Zdun, U. (eds) Software Architecture. ECSA 2014. Lecture Notes in Computer Science, vol 8627. Springer, Cham. https://doi.org/10.1007/978-3-319-09970-5_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-09970-5_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09969-9
Online ISBN: 978-3-319-09970-5
eBook Packages: Computer ScienceComputer Science (R0)