Constraint based role based access control in the SECTET-framework: A model-driven approach

Authors:
Muhammad Alam;Michael Hafner;Ruth Breu
Affiliations:
-;-;Research Group “Quality Engineering” Universität Innsbruck, Austria. E-mail: {muhammad.alam,m.hafner,ruth.breu}@uibk.ac.at
Venue:
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Year:
2008

Citing 17
Cited 9

TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
Building and managing the Meta Data Repository: A Full Life-Cycle Guide

Building and managing the Meta Data Repository: A Full Life-Cycle Guide
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications

Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Secure Systems Development with UML

Secure Systems Development with UML
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
Modelling Inter-organizational Workflow Security in a Peer-to-Peer Environment

ICWS '05 Proceedings of the IEEE International Conference on Web Services
Developing Applications Using Model-Driven Design Environments

Computer
Modeling permissions in a (U/X)ML world

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
The Definitive ANTLR Reference: Building Domain-Specific Languages

The Definitive ANTLR Reference: Building Domain-Specific Languages
Model driven security engineering for the realization of dynamic security requirements in collaborative systems

MoDELS'06 Proceedings of the 2006 international conference on Models in software engineering
Towards a MOF/QVT-Based domain architecture for model driven security

MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
A framework for modeling restricted delegation in service oriented architecture

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
A flexible role-based delegation model using characteristics of permissions

DEXA'05 Proceedings of the 16th international conference on Database and Expert Systems Applications
Web service engineering – advancing a new software engineering discipline

ICWE'05 Proceedings of the 5th international conference on Web Engineering
Business process modeling: defining domain specific modeling languages by use of UML profiles

ECMDA-FA'06 Proceedings of the Second European conference on Model Driven Architecture: foundations and Applications
Model driven security for inter-organizational workflows in e-government

TCGOV'05 Proceedings of the 2005 international conference on E-Government: towards Electronic Democracy

Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects

CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Extended Software Architecture Based on Security Patterns

Informatica
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
Learning relational policies from electronic health record access logs

Journal of Biomedical Informatics
A decade of model-driven security

Proceedings of the 16th ACM symposium on Access control models and technologies
A contextual privacy-aware access control model for network monitoring workflows: work in progress

FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
A workflow checking approach for inherent privacy awareness in network monitoring

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
A privacy-aware access control model for distributed network monitoring

Computers and Electrical Engineering
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

With respect to Service Oriented Architectures (SOA's) paradigm, the core Role Based Access Control (RBAC) has several limitations. In SOA, permissions to execute web services are not assigned statically to roles but are associated with a set of Permission Assignment Constraints (PAC) upon the fulfilment of which a role is assigned a permission to execute a web service. Further, the RBAC does not support partial inheritance which is an integral requirement in SOA. A major challenge in SOA is the inheritance of permissions associated with PAC in the presence of role hierarchies. This contribution has three objectives. First we propose an extension to Role Based Access Control (available at csrc.nist.gov/rbac/), which we call Constraint based RBAC (CRBAC), in order to make RBAC applicable to the dynamic environment of SOA. Within CRBAC, a high-level language - called SECTET-PL (available at http:// qe-informatik.uibk.ac.at/~muhammad/TechnicalReportSECTETPL.pdf) is used for the specification of PAC. Being part of the SECTET-framework for model-driven security for B2B-workflows, SECTET-PL is a policy language influenced by OCL (available at http://www.omg.org/docs/ptc/03-10-14.pdf) and interpreted in the context of UML models. Using the Model Driven Architecture (MDA) (available at http://www.omg.org/mda) paradigm, we then describe the transformation of high-level security models to low-level web services standard artefacts with the help of the Eclipse Modelling Framework and OpenArchitectureWare. Finally, we present the target architecture of the SECTET-framework used to realize the security artefacts generated from the transformations and thus completes the cycle of MDA.