The problem of protectinginformation processing systems by implementing security policies in them is considered.The existing methods for solving this problem are analyzed, their disadvantagesare noted, and the original method is proposed which avoids the noted disadvantages andis based on the aspect-oriented programming. In contrast to traditional aspect-orientedprogramming implementations, in the proposed method the security policy aspect is joinedto the information processing system with the special integration module and without modificationof either the information processing system or the security policy aspect that arewritten independently from each other and from the integration module. For the implementationof the method, the instrumental environment is created including the aspect-orientedprogramming language AspectTalk, the virtual machine and the translator from AspectTalkinto the virtual machine language. The article contains the brief description of both theproposed method and the noted instrumental environment.
Download file
Counter downloads: 103
- Title Implementation of security policies in programming informationprocessing systems
- Headline Implementation of security policies in programming informationprocessing systems
- Publesher
Tomsk State University - Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 3(13)
- Date:
- DOI
Keywords
virtual machine, AspectTalk, aspect-oriented programming, security policy, виртуальная машина, information processing systems, AspectTalk, аспектно-ориентированное программирование, политика безопасности, система обработки информацииAuthors
References
АбельсонХ., Сассман Дж. Структура и интерпретация компьютерных программ. М.: Добросвет, 2006. 608 с.
Ахо А., Ульман Дж., Сети Р. Компиляторы: принципы, технологии и инструменты. М.: Вильямс, 2003. 768с.
Goldberg A. and RobsonD. Smalltalk 80 -The Language and its implementation. Addison- Wesley, 1983. V. 1. 714 p.
Bergmans L. and Aksit M. Composing Crosscutting Concerns Using Composition Filters // Commun. ACM. 2001. V.44. No. 10. P. 51-57.
Lieberherr K., Orleans D., and Ovlinger J. Aspect-Oriented Programming with Adaptive Methods // Commun. ACM. 2001. V.44. No. 10. P. 39-41.
Diaz Pace J. A. and CampoM.R. Analyzing the Role of Aspects in Software Design // Commun. ACM. 2001. V.44. No. 10. P. 67-73.
Kiczales G., Hilsdale E., Hugunin J., et al. Getting Started with AspectJ // Commun. ACM. 2001. V. 44. No. 10. P. 59-65.
http://eclipse.org/aspectj - The AspectJ Project. 2011.
Kiczales G. The Art of Meta-Object Protocol. The MIT Press, 1991. 345 p.
Bouraqadi N., Seriai A., and Leblanc G. Towards unified aspect-oriented programming // ESUG 2005 Research Conference. Brussels, Belgium, 2005. 22 p.
Стефанцов Д. А. Технология и инструментальная среда создания защищённых систем обработки информации // Прикладная дискретная математика. Приложение. 2009. №1. С.55-56.
Стефанцов Д. А. Реализация политик безопасности в компьютерных системах с помощью аспектно-ориентированного программирования // Прикладная дискретная математика. 2008. №1. С. 94-100.
ElradT., FilmanR.E., and Bader A. Aspect-Oriented Programming // Commun. ACM. 2001. V. 44. No. 10. P. 29-32.
http://2008.asiabsdcon.org/papers/P3A-paper.pdf - Implementing Jails Under the kauth Framework. 2008.
http://netbsd.gw.com/cgi-bin/man-cgi?kauth+9+NetBSD-current - NetBSD Kernel Developer's Manual. kauth. 2009.
http://www.nsa.gov/research/selinux/index.shtml - Security-Enhanced Linux. 2009.
http://developer.apple.com/library/mac/#technotes/tn2127/_index.html - Technical Note TN2127. Kernel Authorization. 2010.
DoD 5200.28-STD (Trusted Computer System Evaluation Criteria) USA: National Computer Security Center, 1985. 116 p.
Landwehr C. E. Formal models for computer security // ACM Comput. Surv. 1981. V. 13. No. 3. P. 247-278.
Девянин П. Н. Анализ безопасности управления доступом и информационными потоками в компьютерных системах. М.: Радио и связь, 2006. 176 с.
BellD.E. and LaPadula L. J. Secure computer system: Unified exposition and multics interpretation: Tech. Rep. ESD-TR-75-306. The MITRE Corporation, 1976.
Implementation of security policies in programming informationprocessing systems | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2011. № 3(13).
Download full-text version
Download fileCounter downloads: 249