@inproceedings{06452cc98be9439babf34439d9d20375,
title = "Security@Runtime: A flexible MDE approach to enforce fine-grained security policies",
abstract = "In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security requirements specified in security configurations are enforced using an application-independent Policy Enforcement Point Pep)-Policy Decision Point (Pdp) architecture, which enables the runtime update of security requirements. Our work is evaluated using two systems and its advantages and limitations are discussed.",
keywords = "Access Control, Java Security, Obligations, Security Domain Specific Language, Security Policies",
author = "Yehia Elrakaiby and Moussa Amrani and {Le Traon}, Yves",
year = "2014",
doi = "10.1007/978-3-319-04897-0_2",
language = "English",
isbn = "9783319048963",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "19--34",
booktitle = "Engineering Secure Software and Systems - 6th International Symposium, ESSoS 2014, Proceedings",
address = "Germany",
note = "6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014 ; Conference date: 26-02-2014 Through 28-02-2014",
}