Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management

Nguyen, Phu Hong; Nain, Grégory; Klein, Jacques; Mouelhi, Tejeddine; Le Traon, Yves

Reference : Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive D...


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/16611

Title :	Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management
Language :	English
Author, co-author :	Nguyen, Phu Hong [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Nain, Grégory [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Klein, Jacques [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Mouelhi, Tejeddine [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Le Traon, Yves [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	2014
Journal title :	Transactions on Aspect-Oriented Software Development
Publisher :	Springer
Volume :	11
Pages :	109-144
Peer reviewed :	Yes
Audience :	International
Keywords :	[en] Model-Driven Engineering ; Delegation ; Kevoree
Abstract :	[en] Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one canmention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy.We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree.
Permalink :	http://hdl.handle.net/10993/16611

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	TAOSD-Delegation-CamReady.pdf		Author postprint	2.78 MB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices