Internal report (Reports)
A Comprehensive Modeling Framework for Role-based Access Control Policies
Ben Fadhel, Ameni; Bianculli, Domenico; Briand, Lionel
2014

Full Text: SnT-TR-2014-15.pdf (author postprint, 605.17 kB)

Details
Keywords :
role-based access control; modeling; authorization constraints; survey
Abstract :
Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; access is granted or denied based on authorization policies defined within the enterprise. One of the most widely used AC paradigms is role-based access control (RBAC). In RBAC, access rights are determined by the user's role, e.g., her job or function in the enterprise. Many different types of RBAC authorization policies have been proposed in the literature, each accompanied by a corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of RBAC policies in a coherent way, using a common model. Moreover, these types of policies and their corresponding models are scattered across multiple sources, and the concepts are sometimes expressed ambiguously. This situation makes it difficult for researchers to understand the state of the art in a coherent manner; furthermore, practitioners may experience severe difficulties when selecting, from the available information, the relevant types of policies to implement in their systems. There is clearly a need for organizing the various types of RBAC policies systematically, based on a unified framework, and for formalizing them to enable their operationalization. In this paper we propose a model-driven engineering (MDE) approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC authorization policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as a data model to operationalize data collection and verification. Lastly, we formalize the classified RBAC policies as OCL constraints on the GemRBAC model. To facilitate such operationalization, we make publicly available online the ECore version of the GemRBAC model and the OCL constraints corresponding to the classified RBAC policies.
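To make concrete what "formalizing RBAC policies as constraints on a model" means in practice, the following is an added example, not the report's GemRBAC model, its OCL constraints or any code by the authors. It expresses a toy, NIST-style hierarchical RBAC data model as Python sets and writes a few widely known authorization-constraint types (static and dynamic separation of duty, role cardinality, prerequisite role) as predicates over that model, in the same spirit as an OCL invariant over a UML model. The entity names, the sample purchasing department and the constraint parameters are constructed for illustration; which policy types the report's taxonomy actually contains is not stated on this page.

```python
"""Toy RBAC model with authorization constraints checked as predicates.

Added example: a simplified NIST-style hierarchical RBAC model (not GemRBAC)
and constraint types that are common in the RBAC literature. All names and
sample data below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class RbacModel:
    users: set[str] = field(default_factory=set)
    roles: set[str] = field(default_factory=set)
    user_roles: dict[str, set[str]] = field(default_factory=dict)   # UA: user -> roles
    role_perms: dict[str, set[str]] = field(default_factory=dict)   # PA: role -> permissions
    senior_of: dict[str, set[str]] = field(default_factory=dict)    # hierarchy: role -> direct juniors
    sessions: dict[str, tuple[str, set[str]]] = field(default_factory=dict)  # session -> (user, active roles)

    def juniors(self, role):
        """Transitive closure of the hierarchy: the role plus everything it inherits from."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.senior_of.get(r, ()))
        return seen

    def effective_roles(self, user):
        """Roles assigned directly plus those inherited through the hierarchy."""
        out = set()
        for r in self.user_roles.get(user, ()):
            out |= self.juniors(r)
        return out

    def permitted(self, session, permission):
        """Core RBAC decision: does any role active in the session (or a junior) hold the permission?"""
        _, active = self.sessions[session]
        return any(permission in self.role_perms.get(j, ())
                   for r in active for j in self.juniors(r))


def static_sod_violations(m, conflicting):
    """SSoD: no user may hold (directly or by inheritance) more than one role of a conflicting set."""
    return sorted(u for u in m.users if len(m.effective_roles(u) & conflicting) > 1)


def dynamic_sod_violations(m, conflicting):
    """DSoD: no single session may activate more than one role of a conflicting set."""
    return sorted(s for s, (_, active) in m.sessions.items() if len(active & conflicting) > 1)


def cardinality_violations(m, role, max_users):
    """Cardinality: at most max_users users may hold the role; returns all holders when exceeded."""
    holders = sorted(u for u in m.users if role in m.effective_roles(u))
    return holders if len(holders) > max_users else []


def prerequisite_violations(m, role, required):
    """Prerequisite role: a user may hold `role` only if she also holds `required`."""
    return sorted(u for u in m.users
                  if role in m.effective_roles(u) and required not in m.effective_roles(u))


def build_sample():
    """Constructed sample data: a small purchasing department."""
    m = RbacModel()
    m.users = {"alice", "bob", "carol"}
    m.roles = {"employee", "requester", "approver", "auditor"}
    m.user_roles = {"alice": {"requester"}, "bob": {"approver"}, "carol": {"requester", "approver"}}
    m.role_perms = {"requester": {"create_po"}, "approver": {"approve_po"}, "auditor": {"read_ledger"}}
    m.senior_of = {"requester": {"employee"}, "approver": {"employee"}}  # both inherit employee
    m.sessions = {"s1": ("alice", {"requester"}), "s2": ("carol", {"requester", "approver"})}
    return m


def audit(m):
    """Evaluate every constraint; an empty list per key means the model satisfies that policy."""
    conflicting = {"requester", "approver"}  # nobody should both raise and approve purchase orders
    return {
        "ssod": static_sod_violations(m, conflicting),
        "dsod": dynamic_sod_violations(m, conflicting),
        "cardinality": cardinality_violations(m, "approver", 1),
        "prerequisite": prerequisite_violations(m, "approver", "employee"),
    }


if __name__ == "__main__":
    model = build_sample()
    print(audit(model))
    print(model.permitted("s1", "create_po"), model.permitted("s1", "approve_po"))
```

Each predicate plays the role of one OCL invariant: it is evaluated against a populated instance of the model and either holds or names the offending users or sessions. Note that the checks are computed over the hierarchy closure, so a conflict between two roles is also detected when a user inherits one of them indirectly; a constraint written only over direct assignments would miss that case.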
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Ben Fadhel, Ameni; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Bianculli, Domenico; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Briand, Lionel; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SnT); University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
A Comprehensive Modeling Framework for Role-based Access Control Policies
Publication date :
November 2014
Publisher :
SnT Centre - University of Luxembourg
ISBN/EAN :
978-2-87971-137-9
Report number :
TR-SnT-2014-15
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 26 November 2014