Enforcing Access Control Models in System Applications by using Aspect-Oriented Programming: A Literature Review

Although software developers look to the security concept as a non-functional side of application systems they don't deny that this side represents one of the main pillars used to support the functional side of the applications, thus, increasing the recommendations of the application systems after achievement of user satisfaction. Unauthorized access to information represents one of the most important challenges faced by application systems developers. The privacy-preserving and security concepts have arisen from the usage of data resources, which sometimes leads to the sharing of personal identifying information (PII). Access control is one widely accepted security solution, by restricting the accessing of the data only to authorized users. Adding or updating access control concerns in system applications represents a difficult task for system developers because they need to track all program codes to detect where restriction methods should be inserted. At the same time, they have to define which piece of code needs to be applied for different access control policies. All of these concerns are accumulated in the problem of scattering and tangling of system software. A widely suggested but under-used solution to these problems is that of Aspect Oriented Programming (AOP). AOP is an effective technique for modularizing concerns and changing the execution behavior of existing codes with only the minimal need to change existing software implementations. In this paper we present a literature review in access control methods which used AOP to apply security concepts into application systems. Through our narration of the methods, we show the advantage of using AOP to modularize the access control policies and security concerns, and therefore increase the clarity, maintainability and reusability of system software.