Page d'accueil // SnT // News & E... // PhD defence: Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach

PhD defence: Comprehensive Specification and Efficient Enforcement of Role-based Access Control Policies using a Model-driven Approach

twitter linkedin facebook google+ email this page
Add to calendar
Conférencier : Ameni Ben Fadhel
Date de l'événement : jeudi, 14 septembre 2017, 14:30 - 18:30
Lieu : Room E004, JFK Building
29 Avenue J.F. Kennedy
L-1855 Kirchberg

Members of the defence committee:

Chairman: Dr. Jacques KLEIN, University of Luxembourg
Vice Chairman: Dr. Domenico BIANCULLI, University of Luxembourg
Supervisor: Prof. Dr. Lionel BRIAND, University of Luxembourg
Member: Prof. Dr.Davide BALZAROTTI, Institut Eurecom, France
Member: Prof. Dr.Friedrich STEIMANN, FemUniversität of Hagen, Germany

Abstract: Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the access is granted or denied based on the authorization policies defined within the enterprise. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user’s role. 

In this dissertation, we focus on the problems of modeling, specifying and enforcing complex RBAC policies, by making the following contributions:

  1. the GemRBAC+CTX conceptual model, a UML extension of the RBAC model that includes all the entities required to express the various types of RBAC policies found in the literature, with a specific emphasis on contextual policies. For each type of policy, we provided the corresponding formalization using the Object Constraint Language (OCL) to operationalize the access decision for a user’s request using model-driven technologies.
  2. the GemRBAC-DSL language, a domain-specific language for RBAC policies designed on top of the GemRBAC+CTX model. The language is characterized by a syntax close to natural language, which does not require any mathematical background for expressing RBAC policies. The language supports all the authorization policies captured by the GemRBAC+CTX model.
  3. MORRO, a model-driven framework for the run-time enforcement of RBAC policies expressed in GemRBAC-DSL, built on top of the GemRBAC+CTX model. MORRO provides policy enforcement for both access and usage control.
  4. three tools (an editor for GemRBAC-DSL, a model transformation tool for GemRBAC-DSL, a run-time enforcement framework) have been implemented and released as part of this work. The GemRBAC+CTX model and the GemRBAC-DSL language have been adopted by our industrial partner for the specification of the access control policies of a Web application in the domain of disaster relief intervention. We have extensively evaluated the applicability and the scalability of MORRO on this Web application. The experimental results show that an access decision can be made on average, in less than 107 ms and that the time for processing a notification of an AC-related event is less than 512 ms. Furthermore, both the access decision time and the execution time for processing a notification of an AC-related event scale—in the majority of the cases—linearly with respect to the parameters characterizing AC configurations; in the remaining cases, the access decision time is constant.