TY - GEN
T1 - GemRBAC-DSL
T2 - 21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016
AU - Fadhel, Ameni Ben
AU - Bianculli, Domenico
AU - Briand, Lionel
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/6/6
Y1 - 2016/6/6
N2 - A role-based access control (RBAC) policy restricts a user to perform operations based on her role within an organization. Several RBAC models have been proposed to represent different types of RBAC policies. However, the expressiveness of these models has not been matched by specification languages for RBAC policies. Indeed, existing policy specification languages do not support all the types of RBAC policies defined in the literature. In this paper we aim to bridge the gap between highly-expressive RBAC models and policy specification languages, by presenting GemRBAC-DSL, a new specification language designed on top of an existing, generalized conceptual model for RBAC. The language sports a syntax close to natural language, to encourage its adoption among practitioners. We also define semantic checks to detect conflicts and inconsistencies among the policies written in a GemRBAC-DSL specification. We show how the semantics of GemRBAC-DSL can be expressed in terms of an existing formalization of RBAC policies as OCL (Object Constraint Language) constraints on the corresponding RBAC conceptual model. This formalization paves the way to define a model-driven approach for the enforcement of policies written in GemRBAC-DSL.
AB - A role-based access control (RBAC) policy restricts a user to perform operations based on her role within an organization. Several RBAC models have been proposed to represent different types of RBAC policies. However, the expressiveness of these models has not been matched by specification languages for RBAC policies. Indeed, existing policy specification languages do not support all the types of RBAC policies defined in the literature. In this paper we aim to bridge the gap between highly-expressive RBAC models and policy specification languages, by presenting GemRBAC-DSL, a new specification language designed on top of an existing, generalized conceptual model for RBAC. The language sports a syntax close to natural language, to encourage its adoption among practitioners. We also define semantic checks to detect conflicts and inconsistencies among the policies written in a GemRBAC-DSL specification. We show how the semantics of GemRBAC-DSL can be expressed in terms of an existing formalization of RBAC policies as OCL (Object Constraint Language) constraints on the corresponding RBAC conceptual model. This formalization paves the way to define a model-driven approach for the enforcement of policies written in GemRBAC-DSL.
UR - http://www.scopus.com/inward/record.url?scp=84977119230&partnerID=8YFLogxK
U2 - 10.1145/2914642.2914656
DO - 10.1145/2914642.2914656
M3 - Conference contribution
AN - SCOPUS:84977119230
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 179
EP - 190
BT - SACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
Y2 - 6 June 2016 through 8 June 2016
ER -