A model-driven approach to representing and checking RBAC contextual policies

Ameni Ben Fadhel, Domenico Bianculli, Lionel Briand, Benjamin Hourte

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Among the various types of Role-based access control (RBAC) policies proposed in the literature, contextual policies take into account the user's location and the time at which she requests an access. The precise characterization of the context in such policies and the definition of an access decision procedure for them are non-trivial tasks, since they have to take into account the various facets of the temporal and spatial expressions occurring in these policies. Existing approaches for modeling contextual policies do not support all the various spatio-temporal concepts and often do not provide an access decision procedure. In this paper, we propose a model-driven approach to representing and checking RBAC contextual policies. We introduce GemRBAC+CTX, an extension of a generalized conceptual model for RBAC, which contains all the concepts required to model contextual policies. We formalize these policies as constraints, using the Object Constraint Language (OCL), on the GemRBAC+CTX model, as a way to operationalize the access decision for user's requests using model driven technologies. We show the application of GemR-BAC+CTX to model the RBAC contextual policies of an application developed by HITEC Luxembourg, a provider of situational-aware information management systems for emergency scenarios. The use of GemRBAC+CTX has allowed the engineers of HITEC to define several new types of contextual policies, with a fine-grained, precise description of contexts. The preliminary experimental results show the feasibility of applying our model-driven approach for making access decisions in real systems.

Original languageEnglish
Title of host publicationCODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages243-253
Number of pages11
ISBN (Electronic)9781450339353
DOIs
Publication statusPublished - 9 Mar 2016
Externally publishedYes
Event6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016 - New Orleans, United States
Duration: 9 Mar 201611 Mar 2016

Publication series

NameCODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy

Conference

Conference6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016
Country/TerritoryUnited States
CityNew Orleans
Period9/03/1611/03/16

Fingerprint

Dive into the research topics of 'A model-driven approach to representing and checking RBAC contextual policies'. Together they form a unique fingerprint.

Cite this