Query-based access control for secure collaborative modeling using bidirectional transformations*

Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems Pub Date : 2016-10-02 DOI:10.1145/2976767.2976793

Gábor Bergmann, Csaba Debreceni, I. Ráth, Dániel Varró

{"title":"Query-based access control for secure collaborative modeling using bidirectional transformations*","authors":"Gábor Bergmann, Csaba Debreceni, I. Ráth, Dániel Varró","doi":"10.1145/2976767.2976793","DOIUrl":null,"url":null,"abstract":"Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artifacts stored in model repositories are developed in either offline (checkout-modify-commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus confidentiality and integrity of design artifacts need to be protected by access control policies. We propose a technique for secure collaborative modeling where (1) fine-grained access control for models can be defined by model queries, and (2) such access control policies are strictly enforced by bidirectional model transformations. Each collaborator obtains a filtered local copy of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We illustrate the approach and carry out an initial scalability assessment using a case study of the MONDO EU project.","PeriodicalId":179690,"journal":{"name":"Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976767.2976793","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

Abstract

Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artifacts stored in model repositories are developed in either offline (checkout-modify-commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus confidentiality and integrity of design artifacts need to be protected by access control policies. We propose a technique for secure collaborative modeling where (1) fine-grained access control for models can be defined by model queries, and (2) such access control policies are strictly enforced by bidirectional model transformations. Each collaborator obtains a filtered local copy of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We illustrate the approach and carry out an initial scalability assessment using a case study of the MONDO EU project.

查看原文本刊更多论文

使用双向转换的安全协作建模的基于查询的访问控制*

大型模型驱动系统工程项目是协同进行的。存储在模型存储库中的工程工件是在离线(签出-修改-提交)或在线(googledoc风格)场景中开发的。复杂的系统经常集成由不同团队、厂商和供应商开发的模型和组件。因此，需要通过访问控制策略来保护设计工件的机密性和完整性。我们提出了一种安全协作建模技术，其中(1)模型的细粒度访问控制可以通过模型查询定义，(2)这种访问控制策略通过双向模型转换严格执行。每个协作者获得一个经过过滤的模型本地副本，其中只包含那些他们被允许读取的模型元素;在提交模型更改时在服务器上检查写访问控制策略。我们使用MONDO EU项目的一个案例研究来说明该方法并进行初步的可扩展性评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems

自引率

0.00%

发文量