Modular and secure access control with aspects
| Professor Advisor | dc.contributor.advisor | Tanter, Éric | |
| Author | dc.contributor.author | Toledo Toledo, Rodolfo Andrés | |
| Staff editor | dc.contributor.editor | Facultad de Ciencias Físicas y Matemáticas | |
| Staff editor | dc.contributor.editor | Departamento de Ciencias de la Computación | |
| Associate professor | dc.contributor.other | Fabry, Johan | |
| Associate professor | dc.contributor.other | Hevia Angulo, Alejandro | |
| Associate professor | dc.contributor.other | Bodden, Eric | |
| Admission date | dc.date.accessioned | 2014-10-07T12:14:56Z | |
| Available date | dc.date.available | 2014-10-07T12:14:56Z | |
| Publication date | dc.date.issued | 2014 | |
| Identifier | dc.identifier.uri | https://repositorio.uchile.cl/handle/2250/117015 | |
| General note | dc.description | Doctor en Ciencias, Mención Computación | |
| Abstract | dc.description.abstract | It is inevitable that some concerns crosscut a sizable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: it is difficult to be confident about the security of an application when the implementation of its security related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this thesis work, we consider the case of access control, a cornerstone of every security architecture, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection in mainstream languages such as Java and C#. We make use of aspect orientation for the modular definition of access control. More precisely, we design and implement access control, including the advanced features associated to it, in a modular way. We demonstrate that this modular implementation is secure, even in the presence of untrusted aspects. A modular implementation alleviates maintenance and evolution issues produced by the crosscutting nature of access control, and, more importantly, paves the way to global reasoning about access control. | en_US |
| Lenguage | dc.language.iso | en | en_US |
| Publisher | dc.publisher | Universidad de Chile | en_US |
| Type of license | dc.rights | Attribution-NonCommercial-NoDerivs 3.0 Chile | * |
| Link to License | dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/cl/ | * |
| Keywords | dc.subject | Software computacional - Desarrollo | en_US |
| Keywords | dc.subject | Seguridad de bases de datos | en_US |
| Keywords | dc.subject | Aspect-oriented programming | en_US |
| Keywords | dc.subject | Control de acceso | en_US |
| Keywords | dc.subject | Modular implementation | en_US |
| Título | dc.title | Modular and secure access control with aspects | en_US |
| Document type | dc.type | Tesis |
Files in this item
This item appears in the following Collection(s)
-
Tesis Postgrado
Tesis Postgrado
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivs 3.0 Chile