The G-ACM Tool: using the Drools Rule Engine for Access Control Management

In this paper we explore the usage of rule engines in a graphical framework for visualising dynamic access control policies. We use the Drools rule engine to dynamically compute permissions, following the Category-Based Access Control metamodel.
