Static Enforcement of Role-Based Access Control
This work addresses security enforcement for developers of Java applications, but it is incremental as it builds on existing RBAC concepts with a static verification focus.
The authors tackled the problem of enforcing Role-Based Access Control (RBAC) policies in Java applications by proposing a static approach that integrates security requirements into system architecture, resulting in a method for statically verifying policy adherence without runtime overhead.
We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.