Zás@ICSOFT – 2006
In 2006, I published the first short paper about my MSc project, Zás – Aspect-Oriented Authorization Services (unofficially named Zenida Authorization Services) in the ICSOFT Conference.
“This paper proposes Zás, a a novel, flexible, and expressive authorization mechanism for Java. Zás has been inspired by Ramnivas Laddad’s proposal to modularize Java Authentication and Authorization Services (JAAS) using an Aspect-Oriented Programming (AOP) approach. Zás aims are to be simultaneously very expressive, reusable, and easy to use and configure. Zás allows authorization services to be non-invasively added to existing code. It also cohabits with a wide range of authentication mechanisms.Zás uses Java 5 annotations to specify permission requirements to access controlled resources. These requirements may be changed directly during execution. They may also be calculated by client supplied permission classes before each access to the corresponding resource. These features, together with several mechanisms for permission propagation, expression of trust relationships, depth of access control, etc., make Zás, we believe, an interesting starting point for further research on the use of AOP for authorization.”
Download the the full paper here.
Zás@IBM Contest – 2007
Later, I participated in an IBM contest for innovative research projects and, although my work was not the winner, the technical report was an improvement to the previous short paper that had been published. You can download that technical paper (in portuguese, however), here.
Zás MSc – 2008
Finally, in 2008 my MSc was published and it is available at ISCTE’s document repository for download
“Traditionally, access control system architectures are based on the abstract reference monitor model proposed by Anderson, which tries to separate the access control logic from the logic of applications.
The implementation of this model has been difficult since access control presents itself as a crosscutting concern, i.e., it crosscuts the functionalities of applications. However, the developments of the techniques that support the separation of concerns, particularly aspect oriented programming, have been enabling the development of systems in which the access control code is not scattered through the code of the application. Nevertheless, these solutions are still too specific to a given application.
This work presents an access control framework for Java applications, named Zás, which can be reused and that applies the abstract reference monitor proposed by Anderson. This framework supports access control policies using different kinds of context information and allows them to be changed at runtime. Zás was developed in the aspect oriented programming language AspectJ and it uses Java 5 annotations.
We used Zás in several small applications since its inception, so as to gain experience and insight from its application. Nevertheless, to evaluate the performance and applicability of the final version of the Zás framework prototype, we integrated it in a very large Web application called Fénix, which brought us very interesting results, such as showing the easiness of applicating Zás to already existing applications, and also the main caveats and limitations of Zás.”