A language-based access control approach for component-based software applications

In this paper we study security in component-based software applications by looking at information leakage from one component to another through operation calls. We model components and security speci?cations about con?dentiality as regular languages. Then we provide a systematic way to construct an access control mechanism that not only guarantees all speci?cations to be obeyed, but also allows each user to attain maximum permissive behaviors.