Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Model-driven Run-time Enforcement of Complex Role-based Access Control Policies
Ben Fadhel, Ameni; Bianculli, Domenico; Briand, Lionel
2018. In Proceeding of the 2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE ’18)
Peer reviewed
 

Files


Full Text
ase2018.pdf
Author postprint (732.12 kB)

All documents in ORBilu are protected by a user license.

Details



Keywords :
role-based access control; enforcement; model-driven engineering
Abstract :
A Role-based Access Control (RBAC) mechanism prevents unauthorized users from performing an operation, according to authorization policies which are defined on the user’s role within an enterprise. Several models have been proposed to specify complex RBAC policies. However, existing approaches for policy enforcement do not fully support all the types of policies that can be expressed in these models, which hinders their adoption among practitioners. In this paper we propose a model-driven enforcement framework for complex policies captured by GemRBAC+CTX, a comprehensive RBAC model proposed in the literature. We reduce the problem of making an access decision to checking whether a system state (from an RBAC point of view), expressed as an instance of the GemRBAC+CTX model, satisfies the constraints corresponding to the RBAC policies to be enforced at run time. We provide enforcement algorithms for various types of access requests and events, and a prototype tool (MORRO) implementing them. We also show how to integrate MORRO into an industrial Web application. The evaluation results show the applicability of our approach on an industrial system and its scalability with respect to the various parameters characterizing an AC configuration.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Ben Fadhel, Ameni; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Bianculli, Domenico; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Briand, Lionel; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
no
Language :
English
Title :
Model-driven Run-time Enforcement of Complex Role-based Access Control Policies
Publication date :
September 2018
Event name :
2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE ’18)
Event place :
Montpellier, France
Event date :
September 3–7, 2018
Main work title :
Proceeding of the 2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE ’18)
Publisher :
ACM, New York, United States
Pages :
248-258
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
European Projects :
H2020 - 694277 - TUNE - Testing the Untestable: Model Testing of Complex Software-Intensive Systems
FnR Project :
FNR3949772 - Validation And Verification Laboratory, 2010 (01/01/2012-31/07/2018) - Lionel Briand
Name of the research project :
reacp
Funders :
University of Luxembourg - UL
FNR - Fonds National de la Recherche [LU]
CE - Commission Européenne [BE]
Available on ORBilu :
since 25 July 2018
