Runtime Support for Rule-Based Access-Control Evaluation through Model-Transformation
Access-control policies, often the mechanism of choice for implementing the security requirements of confidentiality and integrity, can be found in a wide range of application scenarios. Although there are standard languages for access control and a plethora of works devoted to assuring the well-formedness of access-control policies, little attention has been paid to the problem of providing robust and adaptable runtime evaluation engines for the integration of access control in new DSLs and platforms. Indeed, the integration of access control requires the development of critical infrastructure facilities around it, so that the policies can be: 1) analyzed and validated and 2) efficiently evaluated against run-time access requests.
To solve this problem, this paper explores the use of already mature model-transformation frameworks as modern, application-independent infrastructures for access-control languages, i.e., following the Policy Enforcement Point (PEP) / Policy Decision Point (PDP) architecture. More specifically, we show how model-driven engineering and the ATL model-transformation framework can be used to lift the infrastructure development burden from developers by providing a robust, flexible and reusable runtime evaluation engine for rule-based access-control policies.
Mon 31 Oct (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
Session 13:30 - 15:10

13:30 (25m, Talk, SLE): Experiences of Models@run-time with EMF and CDO. Daniel Seybold (Ulm University, Germany), Jörg Domaschka (Ulm University, Germany), Alessandro Rossini (SINTEF, Norway), Christopher B. Hauser (Ulm University, Germany), Frank Griesinger (Ulm University, Germany), Athanasios Tsitsipas (Ulm University, Germany)

13:55 (25m, Talk, SLE): Runtime Support for Rule-Based Access-Control Evaluation through Model-Transformation. Salvador Martínez (Open University of Catalonia, France), Jokin García (IK4-IKERLAN Research Center, Spain), Jordi Cabot (Open University of Catalonia, Spain)

14:20 (25m, Talk, SLE): Object-Oriented Design Pattern for DSL Program Monitoring

14:45 (15m, Talk, SLE): Execution Framework of the GEMOC Studio (Tool Demo). Erwan Bousse (TU Vienna, Austria), Thomas Degueule (Inria, France), Didier Vojtisek (Inria, France), Tanja Mayerhofer (TU Vienna, Austria), Julien DeAntoni, Benoit Combemale (University of Rennes 1, France)