A Graphical Framework for the Category-Based Metamodel for Access Control and Obligations

We design a graph-based framework for the visualisation and analysis of obligations in access control policies. We consider obligation policies in CBACO, the category-based access control model, which has been shown to subsume many of the most well-known access control models, such as MAC, DAC and RBAC. CBACO is an extension of the CBAC metamodel that deals with obligations. We describe the implementation of the proposed model in PORGY, a strategy-driven graph-rewriting tool based on the theory of port-graphs. CBACO policies allow for dynamic behaviour in the modelled systems, which is implemented using the strategy language of PORGY.
