Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach

Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the access is granted or denied based on the authorization policies defined within the enterprise. One of the most widely used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user's role. In this dissertation, we focus on the problems of modeling, specifying and enforcing complex RBAC policies, by making the following contributions:
1. the GemRBAC+CTX conceptual model, a UML extension of the RBAC model that includes all the entities required to express the various types of RBAC policies found in the literature, with a specific emphasis on contextual policies. For each type of policy, we provide the corresponding formalization using the Object Constraint Language (OCL) to operationalize the access decision for a user's request using model-driven technologies.
2. the GemRBAC-DSL language, a domain-specific language for RBAC policies designed on top of the GemRBAC+CTX model. The language is characterized by a syntax close to natural language, which does not require any mathematical background for expressing RBAC policies. The language supports all the authorization policies captured by the GemRBAC+CTX model.
3. MORRO, a model-driven framework for the run-time enforcement of RBAC policies expressed in GemRBAC-DSL, built on top of the GemRBAC+CTX model. MORRO provides policy enforcement for both access and usage control.
4. three tools (an editor for GemRBAC-DSL, a model transformation tool for GemRBAC-DSL, and a run-time enforcement framework) that have been implemented and released as part of this work.
The GemRBAC+CTX model and the GemRBAC-DSL language have been adopted by our industrial partner for the specification of the access control policies of a Web application in the domain of disaster relief intervention.
We have extensively evaluated the applicability and the scalability of MORRO on this Web application. The experimental results show that an access decision can be made, on average, in less than 107ms and that the time for processing a notification of an AC-related event is less than 512ms. Furthermore, both the access decision time and the execution time for processing a notification of an AC-related event scale—in the majority of the cases—linearly with respect to the parameters characterizing AC configurations; in the remaining cases, the access decision time is constant.
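To make concrete what "operationalizing the access decision" over contextual RBAC policies involves, the following added example (written for this page, not code from the GemRBAC+CTX model, GemRBAC-DSL or MORRO) evaluates a request against a role hierarchy, a temporal context on role activation, and a dynamic separation-of-duty constraint. The roles, users and permissions are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed illustration of policy types the abstract names (role hierarchy,
# contextual role enabling, separation of duty). It is not GemRBAC+CTX,
# GemRBAC-DSL or MORRO code; the sample roles and users are assumed.

@dataclass
class Role:
    name: str
    permissions: Set[Tuple[str, str]] = field(default_factory=set)  # (operation, object)
    juniors: Set[str] = field(default_factory=set)  # roles whose permissions are inherited
    window: Optional[Tuple[int, int]] = None  # temporal context: enabled in [start, end) hours

ROLES = {
    "clerk": Role("clerk", {("read", "invoice")}),
    "approver": Role("approver", {("approve", "invoice")}, {"clerk"}, (9, 18)),
    "auditor": Role("auditor", {("audit", "ledger")}),
}
USER_ROLES = {"alice": {"approver", "auditor"}, "bob": {"clerk"}}
DSOD = [frozenset({"approver", "auditor"})]  # may not be active in the same session

def effective_permissions(role_name: str) -> Set[Tuple[str, str]]:
    """Own permissions plus those inherited transitively from junior roles."""
    seen, stack, perms = set(), [role_name], set()
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        perms |= ROLES[r].permissions
        stack.extend(ROLES[r].juniors)
    return perms

def activate(user: str, requested: Set[str], hour: int) -> Set[str]:
    """Open a session: keep assigned roles whose temporal context holds at
    'hour', then reject the session if a DSoD pair would be active together."""
    active = set()
    for r in requested & USER_ROLES.get(user, set()):
        w = ROLES[r].window
        if w is None or w[0] <= hour < w[1]:
            active.add(r)
    for pair in DSOD:
        if pair <= active:
            raise ValueError(f"separation-of-duty violation: {sorted(pair)}")
    return active

def decide(active: Set[str], operation: str, obj: str) -> bool:
    """Access decision: grant if any active role holds the permission directly or by inheritance."""
    return any((operation, obj) in effective_permissions(r) for r in active)
```

A request outside the approver's time window yields an empty session, so the same permission check that succeeds at 10:00 is denied at 22:00 without any change to the permission assignments.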