
The concept of self-defending objects and the development of security aware applications


Abstract

The self-defending object (SDO) concept is an extension to the object-oriented programming paradigm, whereby those objects that encapsulate the protected resources of a security aware application (SAA) are made aware of, and responsible for, the defence of those resources. That defence takes two forms: the enforcement of mandatory access control on protected resources and the generation of the corresponding portion of the SAA's audit trail. The SDO concept acts as the philosophy that guides the application level mandatory access control within SAAs, which ensures that the provided access control is both complete and non-bypassable. Although SDOs accept responsibility for controlling access to the protected data and functionality that they encapsulate, an SDO delegates the responsibility for making authorisation decisions to an associated authorisation object. Thus, SDOs fulfill their access control obligations by initiating the authorisation check and then enforcing the decision made on their behalf. A simple, yet effective mechanism for enforcing that access control at the object level involves controlling the ability to invoke those SDO methods that access protected resources. In the absence of previous research on this approach to the enforcement of application level access control, the primary aim of this research was to demonstrate that the SDO concept is a viable paradigm for developing SAAs. That aim was achieved in two stages. The first stage targeted the provision of a 'proof of concept' that demonstrated that the SDO concept could be applied to the development of non-distributed SAAs. The second stage demonstrated its applicability to the development of distributed SAAs. In the second stage, two versions of a distributed prototype were developed, one based on a traditional (proprietary) distributed computing model (Java RMI), and the second using the currently popular Web services model, to demonstrate the general applicability of the SDO concept. Having already demonstrated that the SDO concept could be applied to SAAs executing on a single machine, the major focus of that research was to devise a mechanism by which SDOs could be transferred between machines.

The research then concentrated on determining what impacts the adoption of the SDO concept would have on SAA development. Experimentation carried out using the distributed prototypes demonstrated that (1) the adoption of the SDO does not restrict the use of inheritance hierarchies that include SDOs, (2) the restriction of the lifetime of SDOs can be supported, (3) usage rights enforcement can be employed, and (4) the use of cryptographic techniques to provide additional security guarantees is not affected. A key feature of the SDO concept is that no major changes need to be made to current development tools or methodologies, so its adoption is not hampered by significant financial or training impediments. This research demonstrated that the SDO concept is practical and constitutes a valuable extension to the object oriented paradigm that will help address the current lack of security in information systems. The SDO approach warrants additional research and adoption.
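
An added illustration of the mechanism the abstract describes (not code from the thesis): a guarded method initiates the check, delegates the decision to an authorisation object, enforces the result and writes the audit entry, and a subclass inherits the guard. The rule format, class names, the `subject` argument and the sample data are assumptions of this example.

```python
import functools

class AccessDenied(Exception): """Raised by an SDO when its authorisation object refuses."""

class Authoriser:
    """Authorisation object: decides, but enforces nothing (hypothetical rule format)."""
    def __init__(self, grants):
        self._grants = set(grants)            # {(role, "Class.method")}
    def permits(self, subject, operation):
        return (subject["role"], operation) in self._grants   # deny by default

def protected(method):  # wraps a method that touches a protected resource
    operation = method.__qualname__           # e.g. "PatientRecord.read_notes"
    @functools.wraps(method)
    def guard(self, subject, *args, **kwargs):
        allowed = self._authoriser.permits(subject, operation)  # delegate the decision
        self._audit.append((subject["name"], operation, "ALLOW" if allowed else "DENY"))
        if not allowed:                                          # enforce it
            raise AccessDenied(operation)
        return method(self, *args, **kwargs)
    return guard

class PatientRecord:
    """An SDO: every path to _notes goes through a guarded method."""
    def __init__(self, authoriser, audit, notes):
        self._authoriser, self._audit, self._notes = authoriser, audit, notes
    @protected
    def read_notes(self):
        return self._notes

class PsychiatricRecord(PatientRecord):  # inherits read_notes together with its guard
    @protected
    def append_note(self, text):
        self._notes += "\n" + text
        return len(self._notes)

def demo():
    audit = []
    authoriser = Authoriser({("doctor", "PatientRecord.read_notes"), ("nurse", "PatientRecord.read_notes"),
                             ("doctor", "PsychiatricRecord.append_note")})
    record = PsychiatricRecord(authoriser, audit, "constructed sample note")
    nurse = {"name": "n.lee", "role": "nurse"}       # constructed subjects
    doctor = {"name": "d.kim", "role": "doctor"}
    results = [record.read_notes(nurse), record.append_note(doctor, "follow-up")]
    try:
        record.append_note(nurse, "tamper")
    except AccessDenied as exc:
        results.append("denied: " + str(exc))
    return results, audit
```

Python treats the leading underscore on `_notes` as a convention only, so the non-bypassable property the abstract requires needs a language or runtime that enforces private state.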

Bibliographic record

  • Author

    Holford John William;

  • Year 2006
  • Original format PDF
  • Text language English
