Reference : A Comprehensive Modeling Framework for Role-based Access Control Policies
Reports : Internal report
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/18874
A Comprehensive Modeling Framework for Role-based Access Control Policies
English
Ben Fadhel, Ameni mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Bianculli, Domenico mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Briand, Lionel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Nov-2014
SnT Centre - University of Luxembourg
978-2-87971-137-9
TR-SnT-2014-15
[en] role-based access control ; modeling ; authorization constraints ; survey
[en] Prohibiting unauthorized access to critical resources and data has
become a major requirement for enterprises. Access control (AC) mechanisms
manage requests from users to access system resources; the access is
granted or denied based on authorization policies defined within the
enterprise. One of the most used AC paradigms is role-based access
control (RBAC). In RBAC, access rights are determined based on the
user's role, e.g., her job or function in the enterprise.


Many different types of RBAC authorization policies have been proposed
in the literature, each one accompanied by the corresponding extension
of the original RBAC model. However, there is no unified framework
that can be used to define all these types of RBAC policies in a
coherent way, using a common model. Moreover, these types of policies
and their corresponding models are scattered across multiple sources
and sometimes the concepts are expressed ambiguously. This situation
makes it difficult for researchers to understand the state of the art in
a coherent manner; furthermore, practitioners may experience severe
difficulties when selecting the relevant types of policies to be
implemented in their systems based on the available information.
There is clearly a need for organizing the various types of RBAC
policies systematically, based on a unified framework, and to
formalize them to enable their operationalization.

In this paper we propose a model-driven engineering (MDE) approach,
based on UML and the Object Constraint Language (OCL), to enable the
precise specification and verification of such policies. More
specifically, we first present a taxonomy of the various types of RBAC
authorization policies proposed in the literature. We also propose the
GemRBAC model, a generalized model for RBAC that includes all the
entities required to define the classified policies. This model is a
conceptual model that can also serve as data model to operationalize
data collection and verification. Lastly, we formalize the classified
RBAC policies as OCL constraints on the GemRBAC model. To facilitate
such operationalization, we make publicly available online the ECore
version of the GemRBAC model and the OCL constraints corresponding to
the classified RBAC policies.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR
http://hdl.handle.net/10993/18874

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
SnT-TR-2014-15.pdfAuthor postprint590.98 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.