TY - JOUR
T1 - A comprehensive modeling framework for role-based access control policies
AU - Ben Fadhel, Ameni
AU - Bianculli, Domenico
AU - Briand, Lionel
N1 - Publisher Copyright:
© 2015 Elsevier Inc. All rights reserved.
PY - 2015/9/1
Y1 - 2015/9/1
N2 - Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises; access control (AC) mechanisms manage requests from users to access system resources. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user's role. Many different types of RBAC policies have been proposed in the literature, each one accompanied by the corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of policies in a coherent way, using a common model. In this paper we propose a model-driven engineering approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as a data model to operationalize data collection and verification. Lastly, we formalize the classified policies as OCL constraints on the GemRBAC model.
AB - Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises; access control (AC) mechanisms manage requests from users to access system resources. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user's role. Many different types of RBAC policies have been proposed in the literature, each one accompanied by the corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of policies in a coherent way, using a common model. In this paper we propose a model-driven engineering approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as a data model to operationalize data collection and verification. Lastly, we formalize the classified policies as OCL constraints on the GemRBAC model.
KW - Modeling
KW - Role-based access control
KW - Survey
UR - http://www.scopus.com/inward/record.url?scp=84937435091&partnerID=8YFLogxK
U2 - 10.1016/j.jss.2015.05.015
DO - 10.1016/j.jss.2015.05.015
M3 - Article
AN - SCOPUS:84937435091
SN - 0164-1212
VL - 107
SP - 110
EP - 126
JO - Journal of Systems and Software
JF - Journal of Systems and Software
ER -