Runtime Support for Rule-Based Access-Control Evaluation through Model-Transformation
Access-control policies, often the mechanism of choice to implement the security requirements of confidentiality and integrity, can be found in a wide range of application scenarios. Although there are standard languages for access control and a plethora of works devoted to ensuring the well-formedness of access-control policies, little attention has been paid to the problem of providing robust and adaptable runtime evaluation engines for the integration of access control in new DSLs and platforms. Indeed, the integration of access control requires the development of critical infrastructure facilities around it, so that the policies can be: 1) analyzed and validated and 2) efficiently evaluated against run-time access requests.
To solve this problem, this paper explores the use of already mature model-transformation frameworks as modern, application-independent infrastructures for access-control languages, i.e., following the Policy Enforcement Point (PEP) / Policy Decision Point (PDP) architecture. More specifically, we show how model-driven engineering and the ATL model-transformation framework can be used to lift the infrastructure development burden from developers by providing a robust, flexible and re-usable runtime evaluation engine for rule-based access-control policies.
Mon 31 Oct. Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
|13:30 - 13:55|
Daniel Seybold (Ulm University, Germany), Jörg Domaschka (Ulm University, Germany), Alessandro Rossini (SINTEF, Norway), Christopher B. Hauser (Ulm University, Germany), Frank Griesinger (Ulm University, Germany), Athanasios Tsitsipas (Ulm University, Germany)
|13:55 - 14:20|
Salvador Martínez (Open University of Catalonia, France), Jokin García (IK4-IKERLAN Research Center, Spain), Jordi Cabot (Open University of Catalonia, Spain)
|14:45 - 15:00|
Erwan Bousse (TU Vienna, Austria), Thomas Degueule (Inria, France), Didier Vojtisek (Inria, France), Tanja Mayerhofer (TU Vienna, Austria), Julien DeAntoni, Benoit Combemale (University of Rennes 1, France)