URBS Enforcement Mechanisms for Object-Oriented Systems

“…In this section, two approaches to generating code for an RBAC enforcement mechanism, as given in [DEMU95], are briefly reviewed using the HCA example from Section 2.0. These approaches function under the assumption that there is no user code involved in the system, i.e., a static system.…”

“…The work in [DEMU95] was based on a proposal [DEMU94] that security definition and enforcement for object-oriented systems must be consistent with its precepts and principles, including public/private II-83 interfaces, encapsulation, information hiding, inheritance, polymorphism, dispatching, overloading, software reuse, software evolution, and extensibility. Two approaches proposed in [DEMU9.5] targeted extensible and reusable C+ + RBAC mechanisms that try to insulate the software engineer from security considerations while simultaneously ensuring that the object-oriented system enforces the required RBAC.…”

“…In Section 2.0, we review the ADAM environment and its support for RBAC. Section 3.0 presents a brief recap of two alternative approaches for RBAC enforcement mechanisms mentioned briefly above and given in [DEMU95]. In Section 4.0, four critical issues related to RBAC for object-oriented systems are proposed and explored in detail.…”

“…In a recent paper [DEMU95], we presented our work on approaches to enforcement for role-based access control (RBAC) in object-oriented systems. The public interface for each class provides access to private information via methods.…”

“…Our previous efforts [DEMU95,HU94b,HU93] have proposed approaches to augment the public interfaces of object-oriented systems with RBAC to allow different individuals to have particular access to specific subsets of the public interface at different times based on their roles. These approaches examined the automatic generation of C + + code from an RBAC design developed using the ADAM environment [HU94b].…”

Role-based access control for object-oriented/C++ systems

“…In this section, two approaches to generating code for an RBAC enforcement mechanism, as given in [DEMU95], are briefly reviewed using the HCA example from Section 2.0. These approaches function under the assumption that there is no user code involved in the system, i.e., a static system.…”

“…The work in [DEMU95] was based on a proposal [DEMU94] that security definition and enforcement for object-oriented systems must be consistent with its precepts and principles, including public/private II-83 interfaces, encapsulation, information hiding, inheritance, polymorphism, dispatching, overloading, software reuse, software evolution, and extensibility. Two approaches proposed in [DEMU9.5] targeted extensible and reusable C+ + RBAC mechanisms that try to insulate the software engineer from security considerations while simultaneously ensuring that the object-oriented system enforces the required RBAC.…”

“…In Section 2.0, we review the ADAM environment and its support for RBAC. Section 3.0 presents a brief recap of two alternative approaches for RBAC enforcement mechanisms mentioned briefly above and given in [DEMU95]. In Section 4.0, four critical issues related to RBAC for object-oriented systems are proposed and explored in detail.…”

“…In a recent paper [DEMU95], we presented our work on approaches to enforcement for role-based access control (RBAC) in object-oriented systems. The public interface for each class provides access to private information via methods.…”

“…Our previous efforts [DEMU95,HU94b,HU93] have proposed approaches to augment the public interfaces of object-oriented systems with RBAC to allow different individuals to have particular access to specific subsets of the public interface at different times based on their roles. These approaches examined the automatic generation of C + + code from an RBAC design developed using the ADAM environment [HU94b].…”

Role-based access control for object-oriented/C++ systems

Capability-based primitives for access control in object-oriented systems

Role Based Security and Java