Closing the Gap between the Specification and Enforcement of Security Policies

Description

Security policies are enforced through the deployment of certain security functionalities within the applications. Applications can have different levels of security and thus each security policy is enforced by different security functionalities. Thus, the secure deployment of an application is not an easy task, being more complicated due to the existing gap between the specification of a security policy and the deployment, inside the application, of the security functionalities that are required to enforce that security policy. The main goal of this paper is to close this gap. This is done by using the paradigms of Software Product Lines and Aspect-Oriented Programming in order to: (1) link the security policies with the security functionalities, (2) generate a configuration of the security functionalities that fit a security policy, and (3) weave the selected security functionalities into an application. We qualitatively evaluate our approach, and discuss its benefits using a case study.

Abstract

European Union INTER-TRUST FP7- 317731

Abstract

Ministerio de Economía y Competitividad TIN2012-34840

Abstract

Junta de Andalucía FamiWare P09-TIC-5231

Abstract

Junta de Andalucía MAGIC P12-TIC1814

Additional details