A Model-Driven Approach for the Specification and Analysis of Access Control Policies

Recent years have seen the definition of many languages, models and standards tailored to specifying and enforcing access control policies, but such frameworks do not provide methodological support during the policy specification process. In particular, they do not provide facilities for analyzing the social context in which the system operates. In this paper we propose a model-driven approach for the specification and analysis of access control policies. We build this framework on top of SI*, a modeling language tailored to capturing and analyzing the functional and security requirements of socio-technical systems. The framework also provides formal mechanisms to assist policy writers and system administrators in verifying access control policies and the actual user-permission assignment.
