Model-driven adaptive delegation

Aspect-Oriented Software Development Pub Date : 2013-03-24 DOI:10.1145/2451436.2451445

P. Nguyen, Grégory Nain, Jacques Klein, T. Mouelhi, Yves Le Traon

{"title":"Model-driven adaptive delegation","authors":"P. Nguyen, Grégory Nain, Jacques Klein, T. Mouelhi, Yves Le Traon","doi":"10.1145/2451436.2451445","DOIUrl":null,"url":null,"abstract":"Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied in a MDE perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard-points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different systems.","PeriodicalId":353153,"journal":{"name":"Aspect-Oriented Software Development","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Aspect-Oriented Software Development","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2451436.2451445","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied in a MDE perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard-points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different systems.

查看原文本刊更多论文

模型驱动的自适应委托

模型驱动的安全性是模型驱动工程(MDE)的专门化，其重点是使安全模型具有生产力，即在最终部署中具有可执行性。在从MDE角度研究的各种模型中，可以提到指定访问权限的访问控制模型。到目前为止，这些模型主要关注访问控制策略的静态定义，而没有考虑到更复杂但重要的权限授权机制。用户委托是管理访问权限的元级机制，它允许没有任何特定管理权限的用户将他/她的访问权限委托给另一个用户。本文分析了模型驱动安全中引入各种委托语义的主要难点，提出了一个模型驱动的框架:1)指定访问控制、委托和业务逻辑作为独立的关注点;2)在安全关键型系统中动态实施/编织具有各种委托特性的访问控制策略;3)提供灵活的动态适应策略。我们通过不同系统的概念验证实现来证明我们提出的解决方案的可行性和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Aspect-Oriented Software Development

自引率

0.00%

发文量