A transformation contract to generate aspects from access control policies

Access control is an important security concern. It has been addressed since the late 1960s, in the early time-sharing computer systems. Many access control models have been proposed since then, but of particular interest is Ferraiolo and Kuhn's role-based access control model (RBAC). It is a simple yet general model which has been studied in depth and applied both in industry and in academia, and a variety of industrial standards are based on it. Generating code for an access control policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional part of a system raises difficulties well suited to a solution based on aspect-oriented programming. In this paper, we address the problems of specifying and validating code generation for access control policies targeting an aspect-based infrastructure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels are used to represent the languages and to specify the transformation. A metamodel represents the abstract syntax of a language together with the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify the code generator. This transformation metamodel, together with all the constraints (those of each language and those governing the merge of the two languages), is what we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code generation for access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract.
For a given access control policy and the aspects produced from it by the code generator, both represented as instances of the appropriate metamodels, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by checking the constraints of the transformation contract.
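The transformation contract idea sketched above, as an added illustration rather than code from the paper (the paper's own artifacts are OCL constraints over metamodels, checked with ITP/OCL): a cut-down Python model of a SecureUML-like policy (roles and permissions on resource actions) and of an AAC-like aspect (a pointcut on a resource action plus the roles its advice admits), a generator between the two, and a contract check that applies source-language, target-language and merge constraints to a policy/aspect pair. The class names, the particular constraints and the sample policy are assumptions chosen for this example; a hand-tampered generator output shows the check rejecting an aspect that grants more than the policy does.

```python
"""Added example, not the paper's code: a miniature SecureUML-to-aspect
generator plus a transformation-contract checker. All names and the
three constraint families below are assumptions made for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

JoinPoint = Tuple[str, str]  # (resource, action), e.g. ("Account", "close")


# --- Source side: a SecureUML-like policy (simplified; assumed) -----------
@dataclass(frozen=True)
class Permission:
    role: str
    resource: str   # the protected class
    action: str     # the protected operation on that class


@dataclass
class Policy:
    roles: Set[str]
    permissions: List[Permission]

    def well_formed(self) -> List[str]:
        """Source-language constraint: a permission may only name a declared role."""
        return [f"undeclared role {p.role!r} in permission"
                for p in self.permissions if p.role not in self.roles]


# --- Target side: an AAC-like aspect (simplified; assumed) ----------------
@dataclass(frozen=True)
class Aspect:
    pointcut: JoinPoint          # the join point the advice intercepts
    allowed_roles: frozenset     # roles the advice lets through


# --- The transformation: one aspect per protected join point --------------
def generate(policy: Policy) -> List[Aspect]:
    by_joinpoint: Dict[JoinPoint, Set[str]] = {}
    for p in policy.permissions:
        by_joinpoint.setdefault((p.resource, p.action), set()).add(p.role)
    return [Aspect(jp, frozenset(roles)) for jp, roles in sorted(by_joinpoint.items())]


# --- The transformation contract: constraints over source AND target ------
def contract_violations(policy: Policy, aspects: List[Aspect]) -> List[str]:
    """Empty list means the (policy, aspects) pair satisfies the contract."""
    errs = policy.well_formed()                      # source-language constraints
    pointcuts = [a.pointcut for a in aspects]        # target-language constraint:
    if len(pointcuts) != len(set(pointcuts)):        # exactly one aspect per join point
        errs.append("duplicate pointcut in generated aspects")
    # merge constraints: every permission is enforced by some aspect, and no
    # aspect admits a (resource, action, role) triple the policy never granted
    granted = {(a.pointcut[0], a.pointcut[1], r) for a in aspects for r in a.allowed_roles}
    wanted = {(p.resource, p.action, p.role) for p in policy.permissions}
    for t in sorted(wanted - granted):
        errs.append(f"permission {t} not enforced by any aspect")
    for t in sorted(granted - wanted):
        errs.append(f"aspect grants {t} with no corresponding permission")
    return errs


# --- What the woven advice would do at runtime ----------------------------
def check_access(aspects: List[Aspect], role: str, resource: str, action: str) -> bool:
    for a in aspects:
        if a.pointcut == (resource, action):
            return role in a.allowed_roles
    # No pointcut matched: no advice is woven, so the call proceeds unchecked.
    # This is the AOP caveat: an action the policy never mentions is open.
    return True


def demo() -> List[str]:
    # Constructed sample policy (not from the paper).
    policy = Policy(roles={"Clerk", "Manager"}, permissions=[
        Permission("Clerk", "Account", "read"),
        Permission("Manager", "Account", "read"),
        Permission("Manager", "Account", "close"),
    ])
    aspects = generate(policy)
    assert contract_violations(policy, aspects) == []          # generator output is valid
    assert not check_access(aspects, "Clerk", "Account", "close")
    # A tampered output: someone widened the "close" advice to Clerks.
    tampered = [Aspect(("Account", "close"), frozenset({"Clerk", "Manager"}))] + \
               [a for a in aspects if a.pointcut != ("Account", "close")]
    return contract_violations(policy, tampered)


if __name__ == "__main__":
    for msg in demo():
        print("contract violation:", msg)
```

The point of the merge constraints is that they are stated over the pair of models, not over either alone: a syntactically fine aspect model that widens or drops a grant is exactly what a generator bug produces, and neither metamodel's own constraints would catch it.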