English
Related papers

Related papers: Static Enforcement of Role-Based Access Control

200 papers

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and…

Software Engineering · Computer Science 2021-03-25 Anh Nguyen-Duc , Manh Viet Do , Quan Luong Hong , Kiem Nguyen Khac

The evolving smart and interconnected systems are designed to operate with minimal human intervention. Devices within these smart systems often engage in prolonged operations based on sensor data and contextual factors. Recently, an…

Cryptography and Security · Computer Science 2024-03-18 Tanjila Mawla , Maanak Gupta , Ravi Sandhu

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management and ability to model organizational structure and their capability to reduce…

Distributed, Parallel, and Cluster Computing · Computer Science 2013-12-03 Mamoon Rashid , Er. Rishma Chawla

This paper elaborates the use of static source code analysis in the context of data protection. The topic is important for software engineering in order for software developers to improve the protection of personal data during software…

Software Engineering · Computer Science 2020-03-24 Kalle Hjerppe , Jukka Ruohonen , Ville Leppänen

The ability to enforce robust and dynamic access controls on cloud-hosted data while simultaneously ensuring confidentiality with respect to the cloud itself is a clear goal for many users and organizations. To this end, there has been much…

Cryptography and Security · Computer Science 2016-04-28 William C. Garrison , Adam Shull , Steven Myers , Adam J. Lee

Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java…

Programming Languages · Computer Science 2020-01-09 George Fourtounis , Yannis Smaragdakis

Role-Based Access Control (RBAC) struggles to adapt to dynamic enterprise environments with documents that contain information that cannot be disclosed to specific user groups. As these documents are used by LLM-driven systems (e.g., in…

Cryptography and Security · Computer Science 2025-12-24 Michele Lorenzo , Idilio Drago , Dario Salvadori , Fabio Romolo Vayr

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

Today's business organizations need access control systems that can handle complex, changing security requirements that go beyond what traditional methods can manage. Current approaches, such as Role-Based Access Control (RBAC),…

Cryptography and Security · Computer Science 2026-02-17 Sharif Noor Zisad , Ragib Hasan

Basic role based access control [RBAC] provides a mechanism for segregating access privileges based upon a user's hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple…

Cryptography and Security · Computer Science 2007-05-23 Jonathan K. Adams , Basheer N. Bristow

Java reflection has been increasingly used in a wide range of software. It allows a software system to inspect and/or modify the behaviour of its classes, interfaces, methods and fields at runtime, enabling the software to adapt to…

Programming Languages · Computer Science 2017-06-15 Yue Li , Tian Tan , Jingling Xue

Static analysis is a powerful technique for automatic verification of programs but raises major engineering challenges when developing a full-fledged analyzer for a realistic language such as Java. This paper describes the Sawja library: a…

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined,…

Software Engineering · Computer Science 2017-01-02 Andrea Margheri , Massimiliano Masi , Rosario Pugliese , Francesco Tiezzi

Many programmers have had to deal with an overwritten variable resulting for example from an aliasing problem. The culprit is obviously the last write-access to that memory location before the manifestation of the bug. The usual technique…

Software Engineering · Computer Science 2007-05-23 Kazutaka Maruyama , Minoru Terada

Large Language Models (LLMs) face a fundamental safety-helpfulness trade-off due to static, one-size-fits-all safety policies that lack runtime controllabilityxf, making it difficult to tailor responses to diverse application needs. %As a…

Computation and Language · Computer Science 2026-02-09 Jianfeng Si , Lin Sun , Weihong Lin , Xiangzheng Zhang

Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs attribute name-value, making it particularly useful in the context of open and distributed systems, where security…

Cryptography and Security · Computer Science 2013-06-21 Andreas Griesmayer , Charles Morisset

We present a technique for automatically weaving structural invariant checks into an existing collection of classes. Using variations on existing design patterns, we use a concise specification to generate from this collection a new set of…

Programming Languages · Computer Science 2013-01-21 John Lasseter , John Cipriano

In this dissertation, we present LaSCO, the Language for Security Constraints on Objects, a new approach to expressing security policies using policy graphs and present a method for enforcing policies so expressed. Other approaches for…

Cryptography and Security · Computer Science 2007-05-23 James A. Hoagland

Managing stateful resources safely and expressively is a longstanding challenge in programming languages, especially in the presence of aliasing. While scope-based constructs such as Java's synchronized blocks offer ease of reasoning, they…

Programming Languages · Computer Science 2025-10-13 Songlin Jia , Craig Liu , Siyuan He , Haotian Deng , Yuyan Bao , Tiark Rompf

Static program analysis development is a non-trivial and time-consuming task. We present a framework through which developers can define static program analyses in natural language. We show the application of this framework to identify…

Programming Languages · Computer Science 2023-01-13 Mohammad Mehdi Pourhashem Kallehbasti , Mohammad Ghafari