Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management

  • Chapter
Transactions on Aspect-Oriented Software Development XI

Part of the book series: Lecture Notes in Computer Science ((TAOSD,volume 8400))

Abstract

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one canmention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy.We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ahn, G.-J., Mohan, B., Hong, S.-P.: Towards secure information sharing using role-based delegation. J. Netw. Comput. Appl. 30(1), 42–59 (2007)

    Article  Google Scholar 

  2. Barka, E., Sandhu, R.: Role-based delegation model/hierarchical roles (RBDM1). In: Proceedings of the 20th Annual Computer Security Applications Conference, ACSAC 2004, pp. 396–404. IEEE Computer Society (2004)

    Google Scholar 

  3. Barker, S., Fernández, M.: Term rewriting for access control. In: DBSec, pp. 179–193 (2006)

    Google Scholar 

  4. Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15(1), 39–91 (2006)

    Article  Google Scholar 

  5. Ben-Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: A delegation model for extended RBAC. Int. J. Inf. Secur. 9(3), 209–236 (2010)

    Article  Google Scholar 

  6. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Trans. Inf. Syst. 17(2), 101–140 (1999)

    Article  Google Scholar 

  7. Bertolissi, C., Fernández, M., Barker, S.: Dynamic event-based access control as term rewriting. In: DBSec, pp. 195–210 (2007)

    Google Scholar 

  8. Bruneton, E., Coupaye, T., Leclercq, M., Quéma, V., Stefani, J.: The Fractal component model and its support in Java. Software Practice and Experience, Special Issue on Experiences with Auto-adaptive and Reconfigurable Systems 36(11-12), 1257–1284 (2006)

    Google Scholar 

  9. Crampton, J., Khambhammettu, H.: Delegation in role-based access control. International Journal of Information Security 7(2), 123–136 (2008)

    Article  Google Scholar 

  10. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. International Journal of Information Security 7(4), 285–305 (2007)

    Article  Google Scholar 

  11. Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for secure software design. In: FMSE 2004: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 75–85. ACM (2004)

    Google Scholar 

  12. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)

    Article  Google Scholar 

  13. Fouquet, F., Nain, G., Morin, B., Daubert, E., Barais, O., Plouzeau, N., Jézéquel, J.-M.: An Eclipse Modelling Framework Alternative to Meet the Models@Runtime Requirements. In: France, R.B., Kazmeier, J., Breu, R., Atkinson, C. (eds.) MODELS 2012. LNCS, vol. 7590, pp. 87–101. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  14. Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  15. Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  16. Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: Proceedings of IEEE 4th International Workshop on Policies for Distributed Systems and Networks, POLICY 2003, pp. 120–131 (2003)

    Google Scholar 

  17. Kim, D.-K., Ray, I., France, R.B., Li, N.: Modeling role-based access control using parameterized UML models. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 180–193. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  18. Klatt, B.: Xpand: A closer look at the model2text transformation language. Language (10/16/2008) (2007)

    Google Scholar 

  19. Lampson, B.W.: Protection. SIGOPS Oper. Syst. Rev. 8(1), 18–24 (1974)

    Article  Google Scholar 

  20. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  21. Morin, B., Barais, O., Jézéquel, J.-M., Fleurey, F., Solberg, A.: Models@ Run.time to support dynamic adaptation. Computer 42(10), 44–51 (2009)

    Article  Google Scholar 

  22. Morin, J.-M.B., Barais, O., Nain, G., Jézéquel: Taming dynamically adaptive systems with Models and Aspects. In: ICSE 2009: 31st International Conference on Software Engineering (May 2009)

    Google Scholar 

  23. Morin, B., Fleurey, F., Bencomo, N., Jézéquel, J.-M., Solberg, A., Dehlen, V., Blair, G.S.: An aspect-oriented and model-driven approach for managing dynamic variability. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 782–796. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  24. Morin, B., Mouelhi, T., Fleurey, F., Le Traon, Y., Barais, O., Jézéquel, J.-M.: Security-driven model-based dynamic adaptation. In: Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, ASE 2010, pp. 205–214. ACM (2010)

    Google Scholar 

  25. Mouelhi, T., Traon, Y.L., Baudry, B.: Transforming and selecting functional test cases for security policy testing. In: Proceedings of the 2009 International Conference on Software Testing Verification and Validation, ICST 2009, pp. 171–180. IEEE Computer Society (2009)

    Google Scholar 

  26. Muller, P.-A., Fleurey, F., Jézéquel, J.-M.: Weaving executability into object-oriented meta-languages. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 264–278. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Na, S., Cheon, S.: Role delegation in role-based access control. In: Proceedings of the Fifth ACM Workshop on Role-based Access Control, RBAC 2000, pp. 39–44. ACM (2000)

    Google Scholar 

  28. Nguyen, P.H., Nain, G., Klein, J., Mouelhi, T., Le Traon, Y.: Model-driven adaptive delegation. In: Proceedings of the 12th Annual International Conference on Aspect-Oriented Software Development, Modularity: AOSD 2013, pp. 61–72. ACM (2013)

    Google Scholar 

  29. Nguyen, P.H., Papadakis, M., Rubab, I.: Testing delegation policy enforcement via mutation analsysis. In: Proceedings of the Workshop on Mutation Testing @ the Sixth IEEE International Conference on Software Testing, ICST 2013, pp. 61–72. IEEE (2013)

    Google Scholar 

  30. Rubio, D.: Pro Spring dynamic modules for OSGi service platforms (2009)

    Google Scholar 

  31. Sandhu, R., Park, J.: Usage control: A vision for next generation access control. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17–31. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  32. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  33. O. The OSGi Alliance. OSGi service platform core specification, release 4.1(2007)

    Google Scholar 

  34. Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, SACMAT 2003, pp. 149–157. ACM (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg, 4 rue Alphonse Weicker, L-2721, Luxembourg

    Phu H. Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi & Yves Le Traon

Authors
  1. Phu H. Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gregory Nain
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jacques Klein
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tejeddine Mouelhi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yves Le Traon
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The University of Tokyo, Tokyo, Japan

    Shigeru Chiba

  2. University of Chile, Santiago, Chile

    Éric Tanter

  3. Technical University of Darmstadt, Darmstadt, Germany

    Eric Bodden

  4. Tel Aviv University, Tel Aviv, Israel

    Shahar Maoz

  5. McGill University, Montreal, Canada

    Jörg Kienzle

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Nguyen, P.H., Nain, G., Klein, J., Mouelhi, T., Le Traon, Y. (2014). Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management. In: Chiba, S., Tanter, É., Bodden, E., Maoz, S., Kienzle, J. (eds) Transactions on Aspect-Oriented Software Development XI. Lecture Notes in Computer Science, vol 8400. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55099-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-55099-7_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-55098-0

  • Online ISBN: 978-3-642-55099-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation