Security@Runtime Metamodel
The metamodel for the Security@Runtime approach.
Security Aspects
Security configuration
Enables the specification of fine-grained contextual permissions and obligations and supports their management, enforcement and their update at runtime.
- Specification Elements:
  - Action
  - Application State
  - Context
  - Declaration
  - DynamicMappingRule
  - DynamicState
  - Identifier
  - Policy State
  - Role
  - SecurityRule
- Threats:
  - Denial of Service
  - Elevation of Privileges
  - Information Disclosure
  - Repudiation
  - Spoofing
  - Tampering with Data
Specification Elements
DynamicState
Partial representation of the runtime state of the application.
- Applies to:
  - State
Declaration
Defines aliases for the application classes and methods so that security rules can refer to them without using fully qualified names.
- Applies to:
  - Data
SecurityRule
A set of security rules specifies what subjects, i.e., active entities in the system, are permitted, prohibited and obliged to do in the system.
- Applies to:
  - Entity
DynamicMappingRule
Describes the mapping between the policy entities (roles, actions and contexts) and the application entities (instances, fields, methods and their parameters).
Identifier
Identifies the security Rule.
- Applies to:
  - Data
Role
Represents a set of system users or resources.
- Applies to:
  - Entity
Action
Represents an interaction between users and resources.
- Applies to:
  - Activity
Context
Denotes a set of system state conditions.
- Applies to:
  - State
Application State
The state of an application consists of the set of active objects (or instances), the field instance values, and the stack of method calls.
- Applies to:
  - State
Policy State
Contains security rules that are applicable, or effective at a given time.
- Applies to:
  - State