Domain-specific languages (DSLs) express requirements or designs, often through visual abstractions. To be effective and reliable for complex development tasks such as code generation, testing and analysis, DSLs need semantic foundations. This paper introduces a model-based framework for testing and analysis based on operational semantics for DSLs expressed through graph rewriting.

Dynamic role-based access control models (RBACMs) express constraints on who can access which resources under a dynamic notion of role membership. In particular, access control policies for smart contracts involve multiple parties that are members of different groups or organisations. Such policies combine complex logical and dynamic constraints, and are hard to design, understand, validate and test at code level.

We apply our framework to a DSL for multi-party role-based access control policies which is defined as an extension of the {it iContractML} 2.0 metamodel. The diagrammatic notation supports complex authorisation patterns, including alternatives and multiplicities, to address the nuanced access control requirements of smart contract applications. Defining the operational semantics for RBACMs as a graph rewriting model, we let the Groove model checker produce traces for actions where access is granted or denied to generate tests for smart contracts in the Digital Asset Modelling Language (DAML).

We use an extended model to validate dynamic access control scenarios generated by ChatGPT. Such scenarios represent business workflows interleaved with operations to add or remove role members. They are expressed as Groove control programs to be verified by its model checker, for use as test cases or advising users at runtime.