Crosscutting software artifacts for access control
Today's techniques for software artifact access control bear an increased maintenance cost due to their coarse granularity and limited expressive power. As a result, the implemented access control policies can be incorrect or incomplete, creating security vulnerabilities. Furthermore, the additional maintenance of access-restricted artifacts may negatively influence developers' decisions for collaboration opportunities. This thesis proposes a crosscutting concern-based approach to a software artifact access control model that can reliably enforce access control, reduce maintenance, and increase the types of polices that can be expressed. We implemented our approach as a front-end integrated development environment, SaJE, and a back-end access control monitor, GitBAC. We evaluated our implementation in two laboratory studies and a human subject experiment, measuring reliability, maintenance, and usability. The results from our evaluation indicate that crosscutting concerns are an effective means of implementing software artifact access control, offering improvements over conventional techniques.