Towards Attribute-Based Authorisation for Bidirectional Programming

Bidirectional programming allows developers to write programs that will produce transformations that extract data from a source document into a view. The same transformations can then be used to update the source in order to propagate the changes made to the view, provided that the transformations satisfy two essential properties. Bidirectional transformations can provide a form of authorisation mechanism. From a source containing sensitive data, a view can be extracted that only contains the information to be shared with a subject. The subject can modify the view, and the source can be updated accordingly, without risk of release of the sensitive information to the subject. However, the authorisation model afforded by bidirectional transformations is limited. Implementing an attribute-based access control (ABAC) mechanism directly in bidirectional transformations would violate the essential properties of well-behaved transformations; it would contradict the principle of separation of concerns; and it would require users to write and maintain a different transformation for every subject they would like to share a view with. In this paper, we explore a solution to enforce ABAC on bidirectional transformations, using a policy language from which filters are generated to enforce the policy rules.

[1]  Seog Park,et al.  Two Phase Filtering for XML Access Control , 2006, Secure Data Management.

[2]  Benjamin C. Pierce,et al.  Matching lenses: alignment and view update , 2010, ICFP '10.

[3]  Akimasa Morihata,et al.  Automatic inversion generates divide-and-conquer parallel programs , 2007, PLDI '07.

[4]  E. Dijkstra On the Role of Scientific Thought , 1982 .

[5]  Read Download Schema Based Xml Security Rbac Approach , 2015 .

[6]  Michiharu Kudo,et al.  Access Control Policy Models for XML , 2007, Secure Data Management in Decentralized Systems.

[7]  Frank Hermann,et al.  First International Workshop on Bidirectional Transformations (BX 2012): Preface , 2012, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[8]  Csilla Farkas,et al.  Secure XML Views , 2002, DBSec.

[9]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[10]  James Clark,et al.  XSL Transformations (XSLT) Version 1.0 , 1999 .

[11]  Ralf Lämmel,et al.  Bidirectional Transformations: A Cross-Discipline Perspective , 2009, ICMT@TOOLS.

[12]  Yanchun Zhang,et al.  An Integrated Access Control for Securely Querying and Updating XML Data , 2008, ADC.

[13]  Bernhard Hoisl,et al.  Towards co-evolution in model-driven development via bidirectional higher-order transformation , 2014, 2014 2nd International Conference on Model-Driven Engineering and Software Development (MODELSWARD).

[14]  Gabriel M. Kuper,et al.  Generalized XML security views , 2005, SACMAT '05.

[15]  Scott Boag,et al.  XQuery 1.0 : An XML Query Language , 2007 .

[16]  Benjamin C. Pierce,et al.  Combinators for bi-directional tree transformations: a linguistic approach to the view update problem , 2005, POPL '05.

[17]  Richard S. Bird,et al.  Introduction to functional programming using haskeu , 1998 .

[18]  Mohammad Ashiqur Rahaman,et al.  XML secure views using semantic access control , 2010, EDBT '10.

[19]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[20]  L. Stein,et al.  OWL Web Ontology Language - Reference , 2004 .

[21]  Bo Luo,et al.  HyXAC: a hybrid approach for XML access control , 2013, SACMAT '13.

[22]  Yijun Yu,et al.  Maintaining invariant traceability through bidirectional transformations , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[23]  Wenfei Fan,et al.  Secure XML querying with security views , 2004, SIGMOD '04.

[24]  Val Tannen,et al.  Annotated XML: queries and provenance , 2008, PODS.

[25]  Kazutaka Matsuda,et al.  Bidirectionalizing graph transformations , 2010, ICFP '10.

[26]  Masato Takeichi,et al.  Consistent Web site updating based on bidirectional transformation , 2008, 2008 10th International Symposium on Web Site Evolution.

[27]  Benjamin C. Pierce,et al.  Bidirectional programming languages , 2009 .

[28]  Alban Gabillon,et al.  Regulating Access to XML documents , 2001, DBSec.

[29]  Zhenjiang Hu,et al.  Validity Checking of Putback Transformations in Bidirectional Programming , 2014, FM.

[30]  Benjamin C. Pierce,et al.  Updatable Security Views , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[31]  Chutiporn Anutariya,et al.  A Rule-Based XML Access Control Model , 2003, RuleML.

[32]  Csilla Farkas,et al.  RDF metadata for XML access control , 2003, XMLSEC '03.

[33]  Benjamin C. Pierce,et al.  Boomerang: resourceful lenses for string data , 2008, POPL '08.

[34]  Zhenjiang Hu,et al.  BiFluX: A Bidirectional Functional Update Language for XML , 2014, PPDP '14.

[35]  Zhenjiang Hu,et al.  Writing bidirectional model transformations as intentional updates , 2014, ICSE Companion.

[36]  Richard S. Bird,et al.  Introduction to functional programming , 1988, Prentice Hall International series in computer science.

[37]  Martin Hofmann,et al.  Edit lenses , 2012, POPL '12.