Abstract
Security is among the most successful applications of aspect-oriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process?
We present a metamodel-based transformation from SecureUML, a role-based access control language, to an abstract aspect language. Within this model-driven engineering context, a security policy is represented as an instance of SecureUML’s metamodel and the generated aspect is represented as an instance of the abstract aspect language metamodel. Invariants specified on the merged metamodel of SecureUML and the abstract aspect language are checked to validate the generated aspect with respect to the given security policy.
We have prototyped our approach as a Java application on top of ITP/OCL, a rewriting-based OCL evaluator. It outputs validated AspectJ code from a SecureUML policy.
Research sponsored by RamĂłn y Cajal program (MICINN), project DESAFIOS (TIN2006-15660-C02-01, MICINN) and project PROMESAS (S-0505/TIC/0407, CAM).
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)
Bézivin, J., Büttner, F., Gogolla, M., Jouault, F., Kurtev, I., Lindow, A.: Model transformations? Transformation models! In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 440–453. Springer, Heidelberg (2006)
Braga, C., Clavel, M., Durán, F., Eker, S., Farzan, A., Hendrix, J., Lincoln, P., MartĂ-Oliet, N., Meseguer, J., Olveczky, P., Palomino, M., Sasse, R., Stehr, M.-O., Talcott, C., Verdejo, A.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350, pp. 667–693. Springer, Heidelberg (2007), http://dx.doi.org/10.1007/978-3-540-71999-1_21
Brucker, A.D., Doser, J., Wolff, B.: A model transformation semantics and analysis methodology for secureUML. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 306–320. Springer, Heidelberg (2006)
Chen, K., Lin, C.-W.: An aspect-oriented approach to declarative access control for web applications. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 176–188. Springer, Heidelberg (2006)
Clavel, M., Basin, D., Doser, J., Egea, M.: Automated analysis of security-design models. Information and Software Technology (2008), http://maude.sip.ucm.es/~clavel/pubs/BCDE07-journal.pdf
Clavel, M., da Silva, V., Braga, C., Egea, M.: Model-driven security in practice: An industrial experience. In: Schieferdecker, I., Hartman, A. (eds.) ECMDA-FA 2008. LNCS, vol. 5095, pp. 326–337. Springer, Heidelberg (2008), http://maude.sip.ucm.es/~clavel/pubs/CSBE08.pdf
Clavel, M., Egea, M.: ITP/OCL: A rewriting-based validation tool for UML+OCL static class diagrams. In: Johnson, M., Vene, V. (eds.) AMAST 2006. LNCS, vol. 4019, pp. 368–373. Springer, Heidelberg (2006)
de Win, B., Vanhaute, B., Decker, B.D.: Security through aspect-oriented programming. In: Proceedings of the IFIP TC11 WG 11.4 First Annual Conference on Netwrok Security: Advances in Network and Distributed Systems Security, vol. 206, pp. 125–138 (2001)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House Publishers (2007)
Gao, S., Deng, Y., Yu, H., He, X., Beznosov, K., Cooper, K.: Applying aspect-orientation in designing security systems: A case study. In: Proceedings of 16th International Conference on Software Engineering and Knowledge Engineering, Banff, Alberta, Canada, June 20-24, pp. 360–365 (2004)
Goguen, J.A., Meseguer, J.: Order-sorted algebra I: equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theoretical Computer Science 105(2), 217–273 (1992)
Jürjens, J., Houmb, S.H.: Dynamic secure aspect modeling with UML: From models to code. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 142–155. Springer, Heidelberg (2005)
Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An overview of aspectJ. In: Knudsen, J.L. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 327–355. Springer, Heidelberg (2001)
Meyer, B.: Object-Oriented software construction, 2nd edn. Prentice-Hall, Englewood Cliffs (1997)
Miller, J., Mukerji, J. (eds.): MDA Guide (Version 1.0.1). Number omg/2003-06-01. OMG (2006)
Object Management Group. MOF QVT Final Adopted Specification, OMG Adopted Specification ptc/05-11-01 (2005)
Pavlich-Mariscal, J.A., Michel, L., Demurjian, S.A.: A formal enforcement framework for role-based access control using aspect-oriented programming. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 537–552. Springer, Heidelberg (2005)
Ray, I., France, R., Li, N., Georg, G.: An aspect-based approach to modeling access control concerns. Information and Software Technology 46(9), 575–587 (2004)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Braga, C. (2009). From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach. In: Chaudron, M.R.V. (eds) Models in Software Engineering. MODELS 2008. Lecture Notes in Computer Science, vol 5421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01648-6_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-01648-6_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01647-9
Online ISBN: 978-3-642-01648-6
eBook Packages: Computer ScienceComputer Science (R0)