A framework of composable access control features: Preserving separation of access control concerns from models to code

Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is to separate access control concerns from the rest of the design. To assist designers to visualize access control policies separated from non-security concerns, this paper proposes a set of access control diagrams, i.e., extensions to the UML to represent three main access control models: role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC). To better adapt to changing requirements, and assist designers to customize access control policies, this paper proposes a set of access control features, i.e., small components that realize specific capabilities of access control models. Designers can select the features they require, and compose them to yield different access control policies. When transitioning into code, the main focus is to preserve separation of access control concerns. This paper describes an approach to realize access control diagrams and features in code through structurepreserving mappings, describes three different approaches to enforce access control in code, and evaluates the way each of them separate access control from other concerns. 2009 Elsevier Ltd. All rights reserved.