Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 2 of 2
Full-Text Articles in Computer Engineering
Access Control Contracts For Java Program Modules, Carlos E. Rubio-Medrano, Yoonsik Cheon
Access Control Contracts For Java Program Modules, Carlos E. Rubio-Medrano, Yoonsik Cheon
Departmental Technical Reports (CS)
Application-level security has become an issue in recent years; for example, errors, discrepancies and omissions in the specification of access control constraints of security-sensitive software components are recognized as an important source for security vulnerabilities. We propose to formally specify access control assumptions or constraints of a program module and enforce them at run-time. We call such specifications access control contracts. To realize access control contracts, we extended the JML language, a formal interface specification language for Java, and developed a prototype support tool that translates access control contracts to runtime checks. The access control contract reduces the vulnerability that …
Runtime Constraint Checking Approaches For Ocl, A Critical Comparison, Carmen Avila, Amritam Sarcar, Yoonsik Cheon, Cesar Yeep
Runtime Constraint Checking Approaches For Ocl, A Critical Comparison, Carmen Avila, Amritam Sarcar, Yoonsik Cheon, Cesar Yeep
Departmental Technical Reports (CS)
There are many benefits of checking design constraints at runtime---for example, automatic detection of design drift or corrosion. However, there is no comparative analysis of different approaches although such an analysis could provide a sound basis for determining the appropriateness of one approach over the others. In this paper we conduct a comparative analysis and evaluation of different constraint checking approaches possible for the Object Constraint Language (OCL). We compare several approaches including (1) direct translation to implementation languages, (2) use of executable assertion languages, and (3) use of aspect-oriented programming languages. Our comparison includes both quantitative metrics such as …