The concept of self-defending objects and the development of security aware applications

Holford, John William

January 2006

The self-defending object (SDO) concept is an extension to the object-oriented programming paradigm, whereby those objects that encapsulate the protected resources of a security aware application (SAA), are made aware of, and responsible for, the defence of those resources. That defence takes two forms, the enforcement of mandatory access control on protected resources and the generation of the corresponding portion of the SAA's audit trail. The SDO concept acts as the philosophy that guides the application level mandatory access control within SAAs which ensures that the provided access control is both complete and non bypassable. Although SDOs accept responsibility for controlling access to the protected data and functionality that they encapsulate, an SDO delegates the responsibility for making authorisation decisions to an associated authorisation object. Thus, SDOs fulfill their access control obligations by initiating the authorisation check and then enforcing the decision made on their behalf. A simple, yet effective mechanism for enforcing that access control at the object level involves controlling the ability to invoke those SDO methods that access protected resources. In the absence of previous research on this approach to the enforcement of application level access control, the primary aim of this research was to demonstrate that the SDO concept is a viable paradigm for developing SAAs. That aim was achieved in two stages. The first stage targeted the provision of a 'proof of concept', that demonstrated that the SDO concept could be applied to the development of non-distributed SAAs. The second stage demonstrated its applicability to the development of distributed SAAs. In the second stage, two versions of a distributed prototype were developed, one based on a traditional (proprietary) distributed computing model, (Java RMI), and the second using the currently popular Web services model, to demonstrate the general applicability of the SDO concept. Having already demonstrated that the SDO concept could be applied to SAAs executing on a single machine, the major focus of that research was to devise a mechanism by which SDOs could be transferred between machines. The research then concentrated on determining what impacts the adoption of the SDO concept would have on SAA development. Experimentation carried out using the distributed prototypes demonstrated that (1) the adoption of the SDO does not restrict the use of inheritance hierarchies that include SDOs, (2) the restriction of the lifetime of SDOs can be supported, (3) usage rights enforcement can be employed, and (4) the use of cryptographic techniques to provide additional security guarantees is not affected. A key feature of the SDO concept, is that no major changes need to be made to current development tools or　methodologies, so its adoption is not hampered by significant financial or training impediments. This research demonstrated that the SDO concept is practical and constitutes a valuable extension to the object oriented paradigm that will help address the current lack of security in information systems. The SDO approach warrants additional research and adoption.

mandatory access control

authorisation

security aware applications

information security

computer security

information technology

software engineering

object oriented programming

programming paradigms