Extensible access control with authorization contracts

Scott Moore, Christos Dimoulas, Robert Bruce Findler, Matthew Flatt, Stephen Chong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Existing programming language access control frameworks do not meet the needs of all software components.We propose an expressive framework for implementing access control monitors for components. The basis of the framework is a novel concept: the authority environment. An authority environment associates rights with an execution context. The building blocks of access control monitors in our framework are authorization contracts: software contracts that manage authority environments. We demonstrate the expressiveness of our framework by implementing a diverse set of existing access control mechanisms and writing custom access control monitors for three realistic case studies.

Original languageEnglish (US)
Title of host publicationOOPSLA 2016 - Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
EditorsEelco Visser, Yannis Smaragdakis
PublisherAssociation for Computing Machinery
Pages214-233
Number of pages20
ISBN (Electronic)9781450344449
DOIs
StatePublished - Oct 19 2016
Event2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016 - Amsterdam, Netherlands
Duration: Oct 31 2016Nov 1 2016

Publication series

NameProceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA
Volume02-04-November-2016

Other

Other2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016
Country/TerritoryNetherlands
CityAmsterdam
Period10/31/1611/1/16

Keywords

  • Access control
  • Authorization logic
  • Contracts

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Extensible access control with authorization contracts'. Together they form a unique fingerprint.

Cite this