Toward a model-driven access-control enforcement mechanism for pervasive systems

Pervasive systems typically involve heterogeneous users, devices and networks to provide services that interact seamlessly with the physical world. To be flexible, these systems must be both dynamically adaptive and still open to receiving new elements. These characteristics can have a major impact on the enforcement of role-based access control (RBAC) policies. Enforcement mechanisms for RBAC policies need to be tailored to distributed and adaptive software architectures. They must be capable of handling architectural changes (e.g., a resource hosted by a node is moved to another node) in order to maintain the enforced policy. In this paper we describe an approach to policy enforcement that leverages a mapping between RBAC and a component-based architecture to reason about architectural changes and maintain the enforced policy. The Models@runtime paradigm provides elementary building blocks for reasoning about adaptive architectures. Relying on it and on runtime adaptation and monitoring mechanisms, we propose a design for a model-driven RBAC enforcement mechanism.
