Reusable components for developing security-aware applications

Autoren Stefan Probst
Thomas Ziebermayr
Wolfgang Essmayr
TitelReusable components for developing security-aware applications
BuchtitelProc. 18th Annual Computer Security Applications Conf. (ACSAC 2002).
Typin Konferenzband
VerlagIEEE Computer Society
OrtLas Vegas, Nevada, USA

Today, security is considered to be an important aspect of multi-tier application development. Thoroughly researched concepts for access control exist and have been proven in mainframe computing. However, they are often not used in today’s development of multi-tier applications. One reason may be the lack of appropriate reusable components that support application developers that frequently have to re-invent the wheel when it comes to access controls. The goal of this paper is to promote awareness of security issues when developing applications and to illustrate a suitable approach for that. Our framework called GAMMA (Generic Authorization Mechanisms for Multi-Tier Applications) offers several authentication, access control, and auditing mechanisms. Access control models can be combined or used simultaneously in order to provide application-specific and highly customizable mechanisms. Moreover, due to its component-based structure, new security models and additional approaches for authentication or auditing can easily be added.