Implementing a modular access control service to support application-specific policies in CaesarJ

Abstract: Ideally, the enforcement of application-specific policies in an access control service should be untangled from the application logic. The access control services that are provided in state-of-the-art application servers typically fail to support such a separation. Aspect-Oriented Software Development techniques can be used to alleviate such shortcomings. This paper describes the design and implementation of a modular access control service that improves the separation between application logic and access cont… Show more

“…In [45] the authors present general guidelines for how to compose access control aspects in AspectJ, while in [46] an enforcement of application-specific policies in an access control service is implemented in CaesarJ. Phung and Sands [8] identify classes of reference monitorstyle policies that can be defined and enforced by AspectJ and present a method to realize some history-dependent security policies which cannot be naturally expressed in AspectJ.…”

Secondary use of data in EHR systems

“…In [45] the authors present general guidelines for how to compose access control aspects in AspectJ, while in [46] an enforcement of application-specific policies in an access control service is implemented in CaesarJ. Phung and Sands [8] identify classes of reference monitorstyle policies that can be defined and enforced by AspectJ and present a method to realize some history-dependent security policies which cannot be naturally expressed in AspectJ.…”

Secondary use of data in EHR systems

Predictive access control for distributed computation

A Modular Access Control Service for Supporting Application-Specific Policies