Scenario Based Access Control Model Implemented in J2EE with AspectOriented Software Development - PowerPoint PPT Presentation
1 / 37
Title:
Scenario Based Access Control Model Implemented in J2EE with AspectOriented Software Development
Description:
Scenario Based Access Control Model Implemented in J2EE with Aspect ... Captain Jason Furlong. Department of Electrical and Computer Engineering. Proposal. Goal ... – PowerPoint PPT presentation
Number of Views:50
Avg rating:3.0/5.0
Title: Scenario Based Access Control Model Implemented in J2EE with AspectOriented Software Development
1
Scenario Based Access Control Model Implemented
in J2EE with Aspect-Oriented Software Development
- Captain Jason Furlong
- Department of Electrical and Computer Engineering
2
Proposal
3
Goal
- Outline my thesis proposal and discuss the
following items - The Java 2 Enterprise Edition (J2EE) environment
- Aspect-Oriented Software Development techniques
- Implementing a Scenario Based Access Control
Model
4
Java 2 Enterprise Edition
Client
- Standard for multitier enterprise applications
- Designed to encourage a Java based software
component industry - Abstracts details of application behaviour such
as multithreading and persistence
Presentation
Logic
5
AOSD Aspect Oriented Software Development
- An alternative development philosophy that
provides an Advanced Separation of Concerns - Identify Crosscutting concerns early in
development process - Permits code weaving so that crosscutting
concerns can be independently developed
6
Scenario Based Access Control(SBAC)
- Provides a deterministic OO solution to access
control - Designed to mirror the workflow processes of an
enterprise employee - Permissions are allocated on a pre-scripted
Scenario
7
Java 2 Enterprise Edition
8
Middleware Systems
- The workflow process is best applied to a
middleware platform - Relates to a Business Model
- Hides complexity through abstraction
- Example Database Connectivity and transactions
- 3 prominent middleware platforms
- CORBA (Object Management Group)
- .net (Microsoft)
- J2EE (Sun Java)
9
J2EE Model
4 Tier Model
Client
Client Layer
Web Server
Presentation
Business Logic
Logic
Data
10
Aspect Oriented Software Development
11
The Crosscutting Problem
- Crosscutting Code
- Code that is particular to the same concern but
is spread across several modules - Security is a Crosscutting Concern
- Difficult to consistently apply standards and
policies to Concerns that are scattered and
tangled
12
Code is not modularized
- logging in org.apache.tomcat
- red shows lines of code that handle logging
- not in just one place
- not even in a small number of places
www.AspectJ.org
13
Aspect Oriented Software Development
- An advanced Separation of Concerns
- Addresses Crosscutting concerns in 4 processes
- Identification
- Separation
- representation
- composition
- Permits the development and extension of
orthogonal concerns
14
Orthogonal Design Requirements
Basic Functionality
Logging
Security
15
Superimposition of Multiple Abstraction Models
Basic Functionality
Logging
Security
16
Aspect-Oriented Software Development
- Applies to the whole software process
- Best used with an Aspect-Oriented Language
- HyperJ
- AspectJ
- ComposeJ
17
Benefits of AOSD
- Comprehensibility
- Modularity
- Reusability
- Better Separation of Concerns
- Decomposability
18
Why SBAC?
19
Defining the Problem
.
20
Scenario Based Access Control(SBAC)
- Based on the observability of Objects
- Assumes that the availability of an Object and
the methods that can be invoked will change
according to a scenario hence a temporal variance
in the permission set - In following a Scenario, the model is
deterministic in satisfying a Safety Analysis - The Scenario is supposed to mimic the workflow of
an enterprise employee
21
SBAC uses Objects
22
Collaboration
23
Solution
- Using an EJB Reference Monitor
24
J2EE
Client
Client
Web Server
Business Logic
25
Reference Monitor
Client
Client
Web Server
Business Logic
Reference Monitor
26
Presenting the Information
- Permitted Observability of objects changes as the
scenario expands - Permissions available to user is highly dynamic
they are given and taken away with each step in
the scenario. - Model-View-Controller Pattern solves the
presentation problem
27
Model-View-Controller
28
JavaServer Faces
- Open-source project originally called Struts
- Web server Model-View-Controller
- View JavaServer Pages
- Model Enterprise JavaBeans
- Controller Java Servlets
- Allows for dynamic generation of user interface
using HTML
J2EE
29
JavaServer Faces
Client
Web Server
Business Logic
30
Tentative Plan
Client
Web Server
Business Logic
Model
31
My Goals
- Create a reusable framework for the J2EE
environment - Incorporate AOSD through all phases of the
project - Establish the foundation of an SBAC Scenario
Library for Security Engineers
32
Summary
- Java 2 Enterprise Edition
- Aspect Oriented Software Development
- Scenario Based Access Control Model
- JavaServer Faces (Model-View-Controller Pattern)
33
Questions
??????????????????????????????
??????????????????????????????
??????????????????????????????
- ??????????????????????????????
34
J2EE
- Built in support for transactions
- Java has most developed collection of AOP
languages - Open Design
- Less complicated design than CORBA
- Strong community support
35
J2EE
4 Tier Model
36
Enterprise JavaBeans
- Software Component that is pooled in a J2EE
container - Implements business logic
37
Concern Matrix
Workspace Roles
Concurrency
Persistence
Requirement/Viewpoint
Recommended
CrystalGraphics Presentations
