Abstract
Security and authorization play a very important role in the development, deployment and operation of software systems. Since Java is the most popular platform for component-based software and systems, Java security plays a key role in enterprise systems. The major drawback of the security support provided by J2EE and J2SE is the absence of a standard way to support instance-level access control. JAAS does provide some help, but it is not without its share of problems. The newest security-related standard, XACML, provides a standard and simple way to represent security policies. In this paper we propose a unique way to extend JAAS technology so that it can support class-instance-level access control in a declarative manner. We then showcase how this extension can be fitted into the XACML architecture, thereby providing an end-to-end, standards-based access control specification and implementation for J2SE and J2EE applications. The major advantage of our technique is that, being declarative, it does not require any change to the security code when either the security policies are changed or the security infrastructure is deployed in a new environment.
© 2005 Springer-Verlag Berlin Heidelberg
Gupta, R., Bhide, M. (2005). A Generic XACML Based Declarative Authorization Scheme for Java. In: di Vimercati, S.d.C., Syverson, P., Gollmann, D. (eds) Computer Security – ESORICS 2005. ESORICS 2005. Lecture Notes in Computer Science, vol 3679. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11555827_4
DOI: https://doi.org/10.1007/11555827_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28963-0
Online ISBN: 978-3-540-31981-8
eBook Packages: Computer Science (R0)