An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton...
-
Upload
braydon-triplett -
Category
Documents
-
view
216 -
download
1
Transcript of An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton...
An Aspect-Oriented Approach An Aspect-Oriented Approach For For
Web Application Access Web Application Access ControlControl
Presented by: Mohamed HassanPresented by: Mohamed Hassan
Carleton UniversityCarleton University
[email protected]@connect.carleton.ca
Supervisor: Prof. Samuel A. AjilaSupervisor: Prof. Samuel A. Ajila
Outline Object-Oriented Modeling What is Aspect-Oriented? Aspect-Oriented Modeling Motivated Example Problem Statement Contribution AO Reference Architecture Related Works Integrated AO Access Control Implementation for Integrated Access Control Conclusion Future Works
Object-Oriented Modeling
UK
SecurityRMTR
air_intaxi_in
taxi_out
air_out
UK
MonitoringRMTR
air_intaxi_in
taxi_out
air_out
UK
SynchronizeRMTR
air_intaxi_in
taxi_out
air_out
UK
Real-TimeRMTR
air_intaxi_in
taxi_out
air_out
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Standard ModelConcern requirements
Object-Oriented Modeling (contd.)
OO Limitation: No separation of concerns
Concerns are spread out. Single concern Concerns are spread out. Single concern
affects multiple models.affects multiple models.
Multiple Concerns are interleaved in Multiple Concerns are interleaved in
a single model.a single model.
No mechanism for modeling No mechanism for modeling interweaving crosscutting concerns.interweaving crosscutting concerns.
What is Aspect-Oriented?
“A technique that resolves crosscutting concerns where each concern is encapsulated in a modular unit called Aspect” [Elrad et. al].
Base Model
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
UK RMTR
air_intaxi_in
taxi_outair_out
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
UK RMTR
air_intaxi_in
taxi_out
air_out
AspectAccess Control
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Woven Model
AspectReal-Time
AspectSynchronize
UK RMTR
air_intaxi_in
taxi_outair_out
UK RMTR
air_intaxi_in
taxi_outair_out
BaseRequirements
Access ControlRequirements
SynchronizeRequirements
Real-TimeRequirements
Aspect-Oriented Modeling
Weaver
Base Model
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
UK RMTR
air_intaxi_in
taxi_outair_out
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
UK RMTR
air_intaxi_in
taxi_out
air_out
AspectAccess Control
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Woven Model
AspectReal-Time
AspectSynchronize
UK RMTR
air_intaxi_in
taxi_outair_out
UK RMTR
air_intaxi_in
taxi_outair_out
BaseRequirements
Access ControlRequirements
SynchronizeRequirements
Real-TimeRequirements
Aspect-Oriented Modeling(contd.)Objective:1- Validation of modules
Weaver
Base Model
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITHAspect
Access Control
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Woven Model
AspectReal-Time
AspectSynchronize
Aspect Library
Objective:2- Reuse of modules
Weaver
Aspect-Oriented Modeling(contd.)
Base Model (1)
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Woven Models
Aspect Library
Aspect-Oriented Modeling(contd.)
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
START
-
always takes too long
MEETING
PRESENT ARGUMENTS
COMPANY X OPINION
MOTOROLA OPINION
THROW OUT IDEA
COMPANY Y OPINION
AGREESUPERIOR ARGUMENT
COFFEE BREAK
where the real work is done
PROPOSE DECISION
MEETING AGREES
LUNCHwell deserved
MOTOROLAWITH
Objective:3- Plug and reuse models
Base Model (2)
Base Model (3)
Problem Statement
Access control spread across application.Access control spread across application. Hard to understand, reusable or analyze.Hard to understand, reusable or analyze.
Security policy can very in time.Security policy can very in time. Weaving overhead and poor performance.Weaving overhead and poor performance.
Aspect itself can be targeted by Aspect itself can be targeted by intrusions.intrusions.
Aspect must be secured.Aspect must be secured.
Aspects must be woven to the application Aspects must be woven to the application in a proper order.in a proper order. Aspect woven procedure.Aspect woven procedure.
ContributionContribution
Apply security rules depending on Apply security rules depending on the application version before the application version before establishing the connection.establishing the connection.
Dynamically apply proper login Dynamically apply proper login menu depending on the connection menu depending on the connection type and the user behaviors.type and the user behaviors.
Weave history technique:Weave history technique: Weave only modified part of aspectWeave only modified part of aspect Analyze aspect for un-authorize changeAnalyze aspect for un-authorize change
An integration aspect-oriented approach to secure the web application
ConcernDecomposition
AdaptationKindAdaptationSubject
Language
«import» «import»
«import» «import»
AO Reference Architecture AO Reference Architecture [Schauerhuber et al.] [Schauerhuber et al.]ConcernDecomposition
*
*
weavingTarget
1..*
superaspect
subaspect
**
Base
WeavingdynamicityWeavingdynamicity
AdaptationRule
Conflict
*
*
Aspect
ConflictResolution
Concern
*
refines
AdaptationSubject
«enumeration»RelativePositionKind
beforearoundafter
*
ownedJP
SimplePointcut
PointcutrelPos:RelativePositionKindRelativePosition
relPos:RelativePositionKindRelativePosition
*
* selector
owner
CompositePointcut
1..*children
JoinPointdynamicity
JoinPointdynamicity
JoinPointModel
*
1..*
operatorCompositionoperatorComposition
selectionMethodSelection
selectedJP
AdaptationKind
Adaptation
SimpleAdaptation
CompositeAdaptation
BehavioralAdaptation
StructuralAdaptation
1..*children
*
Language
StructuralElement
BehavioralElement
ElementownedElement1..*
ownerLanguage
General decomposition of the
system into concerns
Describes where to introduce the
aspect’s adaptation
Concepts to describe how
an aspect adaptsa concern
Language underlying the specification of
base and aspect
Integrated AO Access ControlIntegrated AO Access Control
Design principlesDesign principles
1.1. Each aspect module has multiple Each aspect module has multiple design iterative. design iterative. Step 1: Class DiagramStep 1: Class Diagram
Define class: Attributes/ methodsDefine class: Attributes/ methods Relationship between classesRelationship between classes
Step 2: Sequence Diagram (and Step 2: Sequence Diagram (and other diagrams)other diagrams) Specify messages between objectsSpecify messages between objects
2. Security policy definition: A joined Security policy definition: A joined abstract modules that collect the abstract modules that collect the rules into organized structure.rules into organized structure.
Collects logical definitions for security Collects logical definitions for security rules into a central location.rules into a central location.
Allows elements to be reused with other Allows elements to be reused with other central location in other applicationscentral location in other applications..
Provides basic for security Library.Provides basic for security Library.
Design principles Design principles (contd.)(contd.)
Integrated AO Access ControlIntegrated AO Access Control
3. Security policy weaved only once to the base module.
Design principles Design principles (contd.)(contd.)
Integrated AO Access ControlIntegrated AO Access Control
Aspect propagates the changes in the Aspect propagates the changes in the aspect definition refereeing to its aspect definition refereeing to its woven state. woven state.
Integrated AO Access ControlIntegrated AO Access Control
<<aspect>>BaseAspect
<<aspect>>Replace
Abstract aspects
Input: requested aspect from aspect library
Previous woven aspect Timestamp (last modified) Timestamp (last woven)Output: weaved aspectbegin Weave historyend.
First activity
Secondactivity
Thirdactivity
Fourth activity
Weave historyWeave history
Weaver
Integrated AO Access ControlIntegrated AO Access Control
Weave history
Activity 1 Activity 1 Weave historyWeave history
<<aspect>>Weaved_rules
Integrated AO Access ControlIntegrated AO Access Control
New rules weaved rules
Activity 2Activity 2 Weave historyWeave history
The difference of rules
<<aspect>>New_rules
<<aspect>>User_Auth
<<aspect>>Weaved_rules
<<aspect>>Session_V2
Sub-aspects weaved version
Integrated AO Access ControlIntegrated AO Access Control
<<aspect>>Modified_Aspect
Copy modifiedaspect
Activity 3Activity 3 Weave historyWeave history
Integrated AO Access ControlIntegrated AO Access Control
Modified aspect Base
model
Activity 4Activity 4 Weave historyWeave history
<<aspect>>Modified_Aspect
Transition from design to development
Aspect Oriented Programming.Aspect Oriented Programming. AspectJ + EclipseAspectJ + Eclipse
Generate aspect-oriented Generate aspect-oriented programming codes using:programming codes using: Defined models that are created using UML Defined models that are created using UML
and security design.and security design.
Prototyping effort.Prototyping effort.
AspectAccess control
Connection()
Enter_Menu()
Login()
Implementation for Integrated Implementation for Integrated Access ControlAccess Control
Web Application
Implementation for Integrated Implementation for Integrated Access ControlAccess Control
Connection_menu()
New_Result()
ConnectionClient
Step (1)Step (1)
Implementation for Integrated Implementation for Integrated Access ControlAccess Control
Connection_type()Login menuConnection Enter menu
Step (2)Step (2)
Implementation for Integrated Implementation for Integrated Access ControlAccess Control
Connection()
New_Result()
Check for un-authorized aspect
Check aspect list
Security threat
ConnectionClient
Execute aspect
Yes
Conclusion
Aspects are presented using UML modeling.Aspects are presented using UML modeling. Representation are supplied with Representation are supplied with
supplementary meta-attributes to hold weaving supplementary meta-attributes to hold weaving instruction.instruction.
Aspect models defined generic abstract Aspect models defined generic abstract aspects that encapsulate the pointcuts.aspects that encapsulate the pointcuts. High degree of independent.High degree of independent. More reusable in different context (aspect library).More reusable in different context (aspect library).
An integrated aspect-oriented approach is proposed to secure web application from any violation.
Conclusion (contd.)
Aspect module collects information from Aspect module collects information from application using application using beforebefore joinpoint. joinpoint. Implemented the parallel-box concept.Implemented the parallel-box concept. Traces client behaviours in two different Traces client behaviours in two different
versions of the program.versions of the program.
First:
Conclusion (contd.)
Aspect module defines start and end Aspect module defines start and end points of the login method using points of the login method using aroundaround joinpoint. joinpoint. Overrides login menu depending on Overrides login menu depending on
connection type and client behaviours.connection type and client behaviours. Required bi-direction transformation of Required bi-direction transformation of
rules between aspect and application.rules between aspect and application.
Second:
Conclusion (contd.)
Weaving history module is Weaving history module is presented.presented. Weave only modified part of the aspect.Weave only modified part of the aspect. Analyze aspect modules for any Analyze aspect modules for any
unauthorized changes before weaves unauthorized changes before weaves them to the application.them to the application.
Third:
Future works
Analyze technique that verifies the weave of Analyze technique that verifies the weave of access control aspects.access control aspects.
Build a dynamic weaving history technique.Build a dynamic weaving history technique.
User interface to facilitate aspect selection User interface to facilitate aspect selection and apply security rules.and apply security rules.
We are interested in extending our works in three different areas: