An Approach for Generation of J2EE Access Control Configurations from Requirements Specification

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Lianshan Sun Articles by Gang Huang Articles by Yanchun Sun Articles by Hui Song Articles by Hong Mei

2008 The Eighth International Conference on Quality Software

August 12-August 13

ISBN: 978-0-7695-3312-4

	ASCII Text	x
	Lianshan Sun, Gang Huang, Yanchun Sun, Hui Song, Hong Mei, "An Approach for Generation of J2EE Access Control Configurations from Requirements Specification," Quality Software, International Conference on, pp. 87-96, 2008 The Eighth International Conference on Quality Software, 2008.

	BibTex	x
	@article{ 10.1109/QSIC.2008.4, author = {Lianshan Sun and Gang Huang and Yanchun Sun and Hui Song and Hong Mei}, title = {An Approach for Generation of J2EE Access Control Configurations from Requirements Specification}, journal ={Quality Software, International Conference on}, volume = {0}, year = {2008}, issn = {1550-6002}, pages = {87-96}, doi = {http://doi.ieeecomputersociety.org/10.1109/QSIC.2008.4}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Quality Software, International Conference on TI - An Approach for Generation of J2EE Access Control Configurations from Requirements Specification SN - 1550-6002 SP87 EP96 A1 - Lianshan Sun, A1 - Gang Huang, A1 - Yanchun Sun, A1 - Hui Song, A1 - Hong Mei, PY - 2008 KW - Model Transformation KW - Role-Based Access Control KW - J2EE KW - Access Control Configurations KW - Security VL - 0 JA - Quality Software, International Conference on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/QSIC.2008.4

Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

Index Terms:

Model Transformation, Role-Based Access Control, J2EE, Access Control Configurations, Security

Citation:

Lianshan Sun, Gang Huang, Yanchun Sun, Hui Song, Hong Mei, "An Approach for Generation of J2EE Access Control Configurations from Requirements Specification," qsic, pp.87-96, 2008 The Eighth International Conference on Quality Software, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.