Using Self-Defending Objects to Develop Security Aware Applications in Java

Holford, J.W., Caelli, W.J. and Rhodes, A.W.

    The self defending object (SDO) approach to the development of security aware applications represents a change in the object oriented paradigm, whereby the software objects that encapsulate sensitive data or provide security sensitive functionality are responsible for its protection. Such an approach aims to define and test new concepts related to the growing requirements for information assurance in information systems. It involves a shift in the way in which application developers look at objects. Rather than acting as containers and dispensers of data, software objects become actively responsible for the protection of that data. By basing the design of security aware applications on the SDO concept, the provision of application specific, user centric access control is simplified. When using the SDO approach, the access control mechanisms are localized within those objects that encapsulate sensitive data and functionality rather than being distributed throughout the application. Consequently, security measures are consistently applied and are not bypassable. The major contribution of this paper is to discuss how the SDO concept, introduced in (Holford, Caelli & Rhodes 2003), can be used in the development of security aware applications. It begins by briefly presenting the rationale behind the SDO concept and its applicability to software design. It continues with a discussion of the experiences gained from using the SDO concept in the development of prototype security aware applications in the Java™ language and concludes by outlining future work aimed at extending the concept to the provision of 'self defending' software components and finding solutions for the trusted deployment of such components.
Cite as: Holford, J.W., Caelli, W.J. and Rhodes, A.W. (2004). Using Self-Defending Objects to Develop Security Aware Applications in Java. In Proc. Twenty-Seventh Australasian Computer Science Conference (ACSC2004), Dunedin, New Zealand. CRPIT, 26. Estivill-Castro, V., Ed. ACS. 341-349.