International Journal On Advances in Security, volume 4, numbers 3 and 4, 2011


CincoSecurity: Automating the Security of Java EE Applications with Fine-Grained Roles and Security Profiles

Authors:
María Consuelo Franky
Victor Manuel Toro C.

Keywords: Security; Access control; RBAC; Framework; Java EE; Seam; Security automation

Abstract:
Almost every software system must include a security module to authenticate users and to authorize which elements of the system each user can access. This paper describes a security model called “CincoSecurity” that follows the Role Based Access Control (RBAC) model but implements fine-grained roles that can be grouped into “security profiles”. This gives great flexibility in configuring the security of an application: first by selecting the operations allowed for each security profile, and later by registering the users in one or several of these profiles. We also describe a security software module (that implements the CincoSecurity model) that we propose as the initial code baseline for the development of any use-case-oriented Java EE system, offering from the beginning a flexible, extensible and administrable access control to the elements of the application that is to be developed. Moreover, CincoSecurity allows automating the generation of the additional code required to protect the use cases, and their elements, of the Java EE application being developed, with tools that add the required security restriction code in accordance with the proposed security model.

Pages: 245 to 254

Copyright: Copyright (c) to authors, 2011. Used with permission.

Publication date: April 30, 2012

Published in: journal

ISSN: 1942-2636