The dynamic configuration and evolution of large-scale heterogeneous systems such as distributed systems has made the enforcement of security requirements one of the most critical phase throughout system development lifecycle. In this context, specifying, deploying and then updating a security policy is a complex task. In the vast majority of cases, this task is being carried out in an artisanal way; administrators must manually configure the different changes that can occur in the security policy in different levels of security architecture components of the system. In this paper we propose a dynamic approach based on the weaving of aspects for the deployment of a security policy that includes the access control and usage control rules.
展开▼