Doctoral thesis (Dissertations and theses)
Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach
BEN FADHEL, Ameni
2017
 

Files


Full Text
Thesis_AmeniBF2017.pdf
Author postprint (1.74 MB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Abstract :
[en] Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the access is granted or denied based on the authorization policies defined within the enterprise. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user’s role. In this dissertation, we focus on the problems of modeling, specifying and enforcing complex RBAC policies, by making the following contributions: 1. the GemRBAC+CTX conceptual model, a UML extension of the RBAC model that includes all the entities required to express the various types of RBAC policies found in the literature, with a specific emphasis on contextual policies. For each type of policy, we provided the corresponding formalization using the Object Constraint Language (OCL) to operationalize the access decision for a user’s request using model-driven technologies. 2. the GemRBAC-DSL language, a domain-specific language for RBAC policies designed on top of the GemRBAC+CTX model. The language is characterized by a syntax close to natural language, which does not require any mathematical background for expressing RBAC policies. The language supports all the authorization policies captured by the GemRBAC+CTX model. 3. MORRO, a model-driven framework for the run-time enforcement of RBAC policies expressed in GemRBAC-DSL, built on top of the GemRBAC+CTX model. MORRO provides policy enforcement for both access and usage control. 4. three tools (an editor for GemRBAC-DSL, a model transformation tool for GemRBAC-DSL, a run-time enforcement framework) have been implemented and released as part of this work. The GemRBAC+CTX model and the GemRBAC-DSL language have been adopted by our industrial partner for the specification of the access control policies of a Web application in the domain of disaster reliefintervention. We have extensively evaluated the applicability and the scalability of MORRO on this Web application. The experimental results show that an access decision can be made on average, in less than 107 ms and that the time for processing a notification of an AC-related event is less than 512ms. Furthermore, both the access decision time and the execution time for processing a notification of an AC-related event scale—in the majority of the cases—linearly with respect to the parameters characterizing AC configurations; in the remaining cases, the access decision time is constant.
Disciplines :
Computer science
Author, co-author :
BEN FADHEL, Ameni ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Language :
English
Title :
Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach
Defense date :
2017
Institution :
Unilu - University of Luxembourg, Luxembourg
Degree :
Docteur De L’Universite ́ Du Luxembourg En Informatique
President :
Jury member :
Balzarotti, Davide
Steimann, Friedrich
Available on ORBilu :
since 20 October 2017

Statistics


Number of views
258 (51 by Unilu)
Number of downloads
222 (25 by Unilu)

Bibliography


Similar publications



Contact ORBilu