Enforcing Role-Based Access Controls in Software Systems with an Agent Based Service Oriented Approach

Access control restricts the resources in a system so that they can only be accessed by those who hold the corresponding privilege. The role-based access control (RBAC) model introduces roles into access control: privileges are assigned to roles rather than to individual users, and access control is then managed by defining the roles of the users and the inheritance structure of the roles. Although the RBAC model has been well accepted, applying it to an existing system raises problems: an existing system is generally not organised in roles, and it is very hard to add access control functions to each module of an existing system. In this paper, an agent-based service oriented approach that helps existing systems migrate to RBAC as part of software evolution is proposed. The architecture and working flow of the approach are presented, and an example illustrates how to use the proposed framework and methodology.
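As an added illustration of the two points the abstract makes (privileges are assigned to roles, with roles inheriting from one another, and an existing module can be brought under RBAC by enforcing the check at the service boundary rather than inside the module), here is a small self-contained RBAC engine in Python. It is not code from the paper; the roles, permissions, users and "legacy" functions are constructed for the example, and the decorator-based wrapper stands in for the paper's agent/service layer.

```python
"""Added example (not from the paper): a minimal RBAC engine with a role
hierarchy, plus an enforcement wrapper that guards calls into an existing
("legacy") module without modifying the module itself.  All names, roles
and permissions below are constructed for illustration."""
from functools import wraps

# Role hierarchy: role -> roles it inherits from (senior roles gain junior privileges).
ROLE_PARENTS = {
    "employee": [],
    "engineer": ["employee"],
    "manager": ["engineer"],
}

# Privileges are attached to roles, never directly to users.
ROLE_PERMS = {
    "employee": {"report:read"},
    "engineer": {"report:write"},
    "manager": {"report:approve"},
}

# The only per-user policy data: which roles each user holds.
USER_ROLES = {
    "alice": {"manager"},
    "bob": {"engineer"},
    "carol": {"employee"},
}


def effective_roles(role, parents=ROLE_PARENTS):
    """All roles reachable through inheritance from `role`, including itself."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(parents.get(r, []))
    return seen


def permissions_for(user):
    """Union of permissions over every role the user holds, directly or by inheritance."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        for r in effective_roles(role):
            perms |= ROLE_PERMS.get(r, set())
    return perms


def has_permission(user, perm):
    return perm in permissions_for(user)


class AccessDenied(PermissionError):
    pass


def enforce(perm):
    """Decorator that checks `perm` for the calling user before delegating.

    The legacy function body is untouched; the check lives in the wrapper
    that exposes it, which is the service-boundary idea from the abstract."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if not has_permission(user, perm):
                raise AccessDenied(f"{user} lacks {perm}")
            return fn(*args, **kwargs)
        return wrapper
    return decorator


# --- existing module, left exactly as it was (no role awareness) ----------
def legacy_approve_report(report_id):
    return f"report {report_id} approved"


def legacy_write_report(report_id, text):
    return f"report {report_id} written: {text}"


# --- service layer exposing the legacy functions under RBAC ---------------
approve_report = enforce("report:approve")(legacy_approve_report)
write_report = enforce("report:write")(legacy_write_report)


if __name__ == "__main__":
    print(sorted(permissions_for("alice")))   # manager inherits engineer and employee
    print(approve_report("alice", 7))
    try:
        approve_report("bob", 7)               # engineer cannot approve
    except AccessDenied as exc:
        print("denied:", exc)
```

Because the policy is keyed on roles, changing who may approve reports means editing `ROLE_PERMS` or `USER_ROLES`, not the legacy functions; the wrapper is the single point where the decision is made and where a denial can be logged.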
