2009 Third International Conference on Emerging Security Information, Systems and Technologies (2009)
June 18, 2009 to June 23, 2009
Java collaborative applications are increasingly and widely used in the form of applets or servlets, as a way to easily download and execute small programs on one's computer. However, security associated with these downloaded applications, even if it exists, is not easily manageable. Most of the time, it relies on the user's ability to define a security policy for his virtual machine, which is undesirable. This paper proposes to integrate an RBAC mechanism for any Java application. It introduces a simple tag process that allows the developer to incorporate the appropriate policy in the source code of his application. The user is endowed with the ability to choose a role that corresponds to the required level of trust required in order for him to embed the policy in the executed code. A case study of a collaborative application shows how works the proposed API for managing roles, generating policies and logging in. At the end, a discussion about the dynamic enforcement of the generated policies is presented.
RBAC, java, collaborative applications
X. Kauffmann-Tourkestansky, J. Lalande, W. W. Smari and J. Briffaut, "Generation of Role Based Access Control Security Policies for Java Collaborative Applications," 2009 Third International Conference on Emerging Security Information, Systems and Technologies(SECURWARE), Athens/Glyfada, Greece, 2009, pp. 224-229.