Secure software architecture approach for role-based access control using aspect-oriented design

Organizations define and enforce AC policies to protect sensitive information resources. The policy imposes requirements to ensure that only authorized users have access to the sensitive information resources. Normally, systems for various applications operate with different access control requirements. Currently, there exist different AC models to fulfill different requirements, such as mandatory access control (MAC) model, discretionary access control (DAC) model, the Chinese Wall model, and Role-based Access Control (RBAC) model. Consequently, a general AC service means that it supports multiple AC models, hence satisfying different applications. Moreover, access control presents itself as a crosscutting concern, that is, it spans multiple object-oriented classes. However, implementing the access control requirements with the conventional object-oriented technique does not fully fulfil the modularization of crosscutting functionality. Because of different access control requirements, access control services should be flexible and extensible. This thesis proposes a framework for role-based access control mechanism for RBAC using an aspect-oriented technique at architectural level. An aspect-oriented technique provides the explicit means to modularize crosscutting concerns in modularity units called aspects. Aspect-oriented technique could encapsulate the access control services as crosscutting concerns. RBAC is selected as the model since it is a well accepted AC model. Instead of individually implementing the mechanism supporting individual AC models, a more general AC service can be designed by supporting the RBAC model only. Thus, the framework provides flexibility in designing a secure system using rolebased access control (RBAC) model. Moreover, an aspect-based role-based access control framework for CORBA authentication services has also been developed and formally verified. Two case studies have been implemented to verify the workability and the security properties of the proposed framework. In the case studies, the core RBAC mechanism in the framework was organized in an object-oriented design, while each extension was captured as an aspect. This has resulted in a flexible and modularized framework that supports modularization of crosscutting functionality. This framework can be easily extended to fit any new access control requirements. The thesis uses the Predicate/Transition Net (PrTN) to formally verify security properties of the proposed framework. The formal specification written in PrTN was translated into Promela, and verified using SPIN model checker. The security properties of the case studies were correct as expressed in temporal logic formulas.