Title: Labeling Objects with AspectJ based on the Flask Architecture
1 Labeling Objects with AspectJ based on the Flask Architecture
2 Flask Architecture
Source: The Flask Security Architecture: System Support for Diverse Security Policies, Loscocco, Smalley, Spencer, Lepreau, Hibler, Andersen
3 Implementation of Flask using AspectJ to implement access control in Java programs
[Diagram labels: Label1, Label2, Permission granted/denied, File System, Code, Threads, AOP API, Policy DB, Execute, I/O API, UserID]
4 Proposed Labeling Mechanism
[Diagram label: Policy]
5 Interception, Policy-query, access-decision, Policy-Enforcement
Can Subject labeled with L1 call method mi() in Object labeled with L2?
[Diagram labels: L1; L2; query (L1, L2, mi()); Policy; Get L2 using reflection; Access Decision; Stop!!!; Do Something; Same Aspect; AspectJ]
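An added sketch of this slide's flow (interception, policy query, access decision, enforcement) in AspectJ code-style syntax; it is not code from the presentation. The `@Label` annotation, the `Policy` class and its triples, and the `Client`/`Vault` classes are assumptions made for illustration, as is treating the calling object as the subject.

```aspectj
import java.lang.annotation.*;
import java.util.Set;

// Assumption: labels are carried as a runtime annotation on the class.
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
@interface Label { String value(); }

// Assumption: in-memory stand-in for the policy; allowed (L1, L2, method) triples.
final class Policy {
    private static final Set<String> ALLOW = Set.of("L1|L2|read");
    static boolean permits(String l1, String l2, String mi) {
        return l1 != null && l2 != null && ALLOW.contains(l1 + "|" + l2 + "|" + mi);
    }
}

@Label("L1") class Client {                      // constructed sample subject
    String fetch(Vault v) { return v.read(); }   // permitted by the policy
    void wipe(Vault v) { v.erase(); }            // not in the policy: denied
}

@Label("L2") class Vault {                       // constructed sample object
    String read() { return "contents"; }
    void erase() { }
}

aspect FlaskEnforcer {
    // Interception: calls made by an object (the subject) to methods of labeled types.
    // Calls from static code have no `this` and are not mediated by this sketch.
    pointcut guarded(Object subject, Object object):
        call(* (@Label *).*(..)) && this(subject) && target(object);

    Object around(Object subject, Object object): guarded(subject, object) {
        String l1 = labelOf(subject);                        // subject label
        String l2 = labelOf(object);                         // "Get L2 using reflection"
        String mi = thisJoinPoint.getSignature().getName();  // method being called
        if (!Policy.permits(l1, l2, mi))                     // access decision, deny by default
            throw new SecurityException(l1 + " may not call " + mi + "() on " + l2); // "Stop!!!"
        return proceed(subject, object);                     // "Do Something"
    }

    // Unlabeled objects (for example a subclass without its own @Label) yield null and are denied.
    private static String labelOf(Object o) {
        Label l = o.getClass().getAnnotation(Label.class);
        return l == null ? null : l.value();
    }
}
```

Compiled with `ajc`, `new Client().fetch(new Vault())` returns normally, while `new Client().wipe(new Vault())` throws `SecurityException` because the triple (L1, L2, erase) is not in the policy.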
6 Questions