Reference : Model-driven Run-time Enforcement of Complex Role-based Access Control Policies
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/36218
Model-driven Run-time Enforcement of Complex Role-based Access Control Policies
English
Ben Fadhel, Ameni [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Bianculli, Domenico [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Sep-2018
Proceedings of the 2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE ’18)
ACM
248-258
Yes
No
New York
USA
2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE ’18)
September 3–7, 2018
Montpellier
France
[en] role-based access control ; enforcement ; model-driven engineering
[en] A Role-based Access Control (RBAC) mechanism prevents unauthorized users from performing an operation, according to authorization policies defined on the user’s role within an enterprise. Several models have been proposed to specify complex RBAC policies. However, existing approaches for policy enforcement do not fully support all the types of policies that can be expressed in these models, which hinders their adoption among practitioners.
In this paper we propose a model-driven enforcement framework for complex policies captured by GemRBAC+CTX, a comprehensive RBAC model proposed in the literature. We reduce the problem of making an access decision to checking whether a system state (from an RBAC point of view), expressed as an instance of the GemRBAC+CTX model, satisfies the constraints corresponding to the RBAC policies to be enforced at run time. We provide enforcement algorithms for various types of access requests and events, and a prototype tool (MORRO) implementing them. We also show how to integrate MORRO into an industrial Web application. The evaluation results show the applicability of our approach to an industrial system and its scalability with respect to the various parameters characterizing an AC configuration.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
University of Luxembourg - UL ; Fonds National de la Recherche - FnR ; European Commission - EC
Researchers ; Professionals
http://hdl.handle.net/10993/36218
10.1145/3238147.3238167
H2020 ; 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems
FnR ; FNR3949772 > Lionel Briand > VVLAB > Validation and Verification Laboratory > 01/01/2012 > 31/07/2018 > 2011

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
ase2018.pdf | | Author postprint | 714.96 kB | Open access

All documents in ORBilu are protected by a user license.