Gábor Bergmann, Csaba Debreceni, I. Ráth, Dániel Varró
{"title":"Query-based access control for secure collaborative modeling using bidirectional transformations*","authors":"Gábor Bergmann, Csaba Debreceni, I. Ráth, Dániel Varró","doi":"10.1145/2976767.2976793","DOIUrl":null,"url":null,"abstract":"Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artifacts stored in model repositories are developed in either offline (checkout-modify-commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus confidentiality and integrity of design artifacts need to be protected by access control policies. We propose a technique for secure collaborative modeling where (1) fine-grained access control for models can be defined by model queries, and (2) such access control policies are strictly enforced by bidirectional model transformations. Each collaborator obtains a filtered local copy of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We illustrate the approach and carry out an initial scalability assessment using a case study of the MONDO EU project.","PeriodicalId":179690,"journal":{"name":"Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976767.2976793","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 25
Abstract
Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artifacts stored in model repositories are developed in either offline (checkout-modify-commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus confidentiality and integrity of design artifacts need to be protected by access control policies. We propose a technique for secure collaborative modeling where (1) fine-grained access control for models can be defined by model queries, and (2) such access control policies are strictly enforced by bidirectional model transformations. Each collaborator obtains a filtered local copy of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We illustrate the approach and carry out an initial scalability assessment using a case study of the MONDO EU project.