research-article

Towards Attribute-Based Authorisation for Bidirectional Programming

Authors:

Lionel Montrieux,

Zhenjiang HuAuthors Info & Claims

SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

Pages 185 - 196

https://doi.org/10.1145/2752952.2752963

Published: 01 June 2015 Publication History

Abstract

Bidirectional programming allows developers to write programs that will produce transformations that extract data from a source document into a view. The same transformations can then be used to update the source in order to propagate the changes made to the view, provided that the transformations satisfy two essential properties.

Bidirectional transformations can provide a form of authorisation mechanism. From a source containing sensitive data, a view can be extracted that only contains the information to be shared with a subject. The subject can modify the view, and the source can be updated accordingly, without risk of release of the sensitive information to the subject. However, the authorisation model afforded by bidirectional transformations is limited. Implementing an attribute-based access control (ABAC) mechanism directly in bidirectional transformations would violate the essential properties of well-behaved transformations; it would contradict the principle of separation of concerns; and it would require users to write and maintain a different transformation for every subject they would like to share a view with.

In this paper, we explore a solution to enforce ABAC on bidirectional transformations, using a policy language from which filters are generated to enforce the policy rules.

References

[1]

C. Anutariya, S. Chatvichienchai, M. Iwiahara, V. Wuwongse, and Y. Kambayashi. A rule-based XML access control model. In M. Schröder and G. Wagner, editors, Rules and Rule Markup Languages for the Semantic Web, number 2876 in Lecture Notes in Computer Science, pages 35--48. Springer, 2003.

Digital Library

[2]

D. M. Barbosa, J. Cretin, N. Foster, M. Greenberg, and B. C. Pierce. Matching lenses: Alignment and view update. In Proceedings of the 15th ACM SIGPLAN International Conference on Functional Programming, ICFP '10, pages 193--204, New York, NY, USA, 2010. ACM.

Digital Library

[3]

R. Bird. Introduction to Functional Programming using Haskell. Prentice Hall, London; New York, 2nd edition, May 1998.

Digital Library

[4]

A. Bohannon, J. N. Foster, B. C. Pierce, A. Pilkiewicz, and A. Schmitt. Boomerang: Resourceful lenses for string data. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '08, pages 407--419, New York, NY, USA, 2008. ACM.

Digital Library

[5]

C. Byun and S. Park. Two phase filtering for XML access control. In W. Jonker and M. Petković, editors, Secure Data Management, number 4165 in Lecture Notes in Computer Science, pages 115--130. Springer, Jan. 2006.

Digital Library

[6]

K. Czarnecki, J. N. Foster, Z. Hu, R. Lämmel, A. Schürr, and J. F. Terwilliger. Bidirectional transformations: A cross-discipline perspective. In R. F. Paige, editor, Theory and Practice of Model Transformations, number 5563 in Lecture Notes in Computer Science, pages 260--283. Springer, Jan. 2009.

Digital Library

[7]

P. D. E. W. Dijkstra. On the role of scientific thought. In Selected Writings on Computing: A personal Perspective, Texts and Monographs in Computer Science, pages 60--66. Springer, 1982.

[8]

M. Duong and Y. Zhang. An integrated access control for securely querying and updating XML data. In A. Fekete and X. Lin, editors, Nineteenth Australasian Database Conference (ADC 2008), volume 75 of CRPIT, pages 75--83, Wollongong, NSW, Australia, 2008. ACS.

Digital Library

[9]

W. Fan, C.-Y. Chan, and M. Garofalakis. Secure XML querying with security views. In Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD '04, pages 587--598, New York, NY, USA, 2004. ACM.

Digital Library

[10]

J. Foster, B. Pierce, and S. Zdancewic. Updatable security views. In 22nd IEEE Computer Security Foundations Symposium, 2009. CSF '09, pages 60--74, July 2009.

Digital Library

[11]

J. N. Foster. Bidirectional Programming Languages. PhD thesis, University of Pensylvania, Dec. 2009.

Digital Library

[12]

J. N. Foster, T. J. Green, and V. Tannen. Annotated XML: Queries and provenance. In Proceedings of the Twenty-seventh ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, PODS '08, pages 271--280, New York, NY, USA, 2008. ACM.

Digital Library

[13]

J. N. Foster, M. B. Greenwald, J. T. Moore, B. C. Pierce, and A. Schmitt. Combinators for bi-directional tree transformations: A linguistic approach to the view update problem. In Proceedings of the 32Nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '05, pages 233--246, New York, NY, USA, 2005. ACM.

Digital Library

[14]

A. Gabillon and E. Bruno. Regulating access to XML documents. In M. S. Olivier and D. L. Spooner, editors, Database and Application Security XV, number 87 in IFIP - The International Federation for Information Processing, pages 299--314. Springer, Jan. 2002.

Digital Library

[15]

V. Gowadia and C. Farkas. RDF metadata for XML access control. In Proceedings of the 2003 ACM Workshop on XML Security, XMLSEC '03, pages 39--48, New York, NY, USA, 2003. ACM.

Digital Library

[16]

F. Hermann and J. Voigtländer. First international workshop on bidirectional transformations (BX 2012): Preface. Electronic Communications of the EASST, 49(0), July 2012.

[17]

S. Hidaka, Z. Hu, K. Inaba, H. Kato, K. Matsuda, and K. Nakano. Bidirectionalizing graph transformations. In Proceedings of the 15th ACM SIGPLAN International Conference on Functional Programming, ICFP '10, pages 205--216, New York, NY, USA, 2010. ACM.

Digital Library

[18]

M. Hofmann, B. Pierce, and D. Wagner. Edit lenses. In Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '12, pages 495--508, New York, NY, USA, 2012. ACM.

Digital Library

[19]

B. Hoisl, Z. Hu, and S. Hidaka. Towards co-evolution in model-driven development via bidirectional higher-order transformation. pages 466--471, Jan. 2014.

[20]

Z. Hu, H. Pacheco, and S. Fischer. Validity checking of putback transformations in bidirectional programming. In C. Jones, P. Pihlajasaari, and J. Sun, editors, FM 2014: Formal Methods, number 8442 in Lecture Notes in Computer Science, pages 1--15. Springer, Jan. 2014.

[21]

M. Kudo and S. Hada. XML document security based on provisional authorization. In Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS '00, pages 87--96, New York, NY, USA, 2000. ACM.

Digital Library

[22]

M. Kudo and N. Qi. Access control policy models for XML. In T. Yu and S. Jajodia, editors, Secure Data Management in Decentralized Systems, number 33 in Advances in Information Security, pages 97--126. Springer, Jan. 2007.

[23]

G. Kuper, F. Massacci, and N. Rassadko. Generalized XML security views. In Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, SACMAT '05, pages 77--84, New York, NY, USA, 2005. ACM.

Digital Library

[24]

K. Morita, A. Morihata, K. Matsuzaki, Z. Hu, and M. Takeichi. Automatic inversion generates divide-and-conquer parallel programs. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '07, pages 146--155, New York, NY, USA, 2007. ACM.

Digital Library

[25]

K. Nakano, Z. Hu, and M. Takeichi. Consistent web site updating based on bidirectional transformation. International Journal on Software Tools for Technology Transfer, 11(6):453--468, Dec. 2009.

Digital Library

[26]

OASIS. eXtensible access control markup language (XACML) version 3.0, Jan. 2013.

[27]

H. Pacheco, T. Zan, and Z. Hu. BiFluX: A bidirectional functional update language for XML. In 6th International Symposium on Principles and Practice of Declarative Programming (PPDP 2014), 2014.

Digital Library

[28]

A. Rota, S. Short, and M. A. Rahaman. XML secure views using semantic access control. In Proceedings of the 2010 EDBT/ICDT Workshops, EDBT '10, pages 5:1--5:10, New York, NY, USA, 2010. ACM.

Digital Library

[29]

A. Stoica and C. Farkas. Secure XML views. In E. Gudes and S. Shenoi, editors, Research Directions in Data and Applications Security, number 128 in IFIP - The International Federation for Information Processing, pages 133--146. Springer, 2003.

[30]

M. Thimma, T. K. Tsui, and B. Luo. HyXAC: A hybrid approach for XML access control. In Proceedings of the 18th ACM Symposium on Access Control Models and Technologies, SACMAT '13, pages 113--124, New York, NY, USA, 2013. ACM.

Digital Library

[31]

W3C. OWL web ontology language reference, Feb. 2004.

[32]

W3C. XSL transformations (XSLT) version 2.0, Jan. 2007.

[33]

W3C. XML XPath language (XPath) 3.0, Apr. 2014.

[34]

W3C. XQuery 3.0: An XML query language, Apr. 2014.

[35]

Y. Yu, Y. Lin, Z. Hu, S. Hidaka, H. Kato, and L. Montrieux. Maintaining invariant traceability through bidirectional transformations. In 2012 34th International Conference on Software Engineering (ICSE), pages 540--550, June 2012.

Digital Library

[36]

T. Zan, H. Pacheco, and Z. Hu. Writing bidirectional model transformations as intentional updates. In Companion Proceedings of the 36th International Conference on Software Engineering, ICSE Companion 2014, pages 488--491, New York, NY, USA, 2014. ACM.

Digital Library

[37]

X. Zhang, J. Park, and R. Sandhu. Schema based XML security: RBAC approach. In S. D. C. d. Vimercati, I. Ray, and I. Ray, editors, Data and Applications Security XVII, number 142 in IFIP International Federation for Information Processing, pages 330--343. Springer, 2004.

Cited By

Gómez AMendialdua XBarmpis KBergmann GCabot Jde Carlos XDebreceni CGarmendia AKolovos Dde Lara J(2020)Scalable modeling technologies in the wild: an experience report on wind turbines control applications developmentSoftware and Systems Modeling (SoSyM)10.1007/s10270-020-00776-819:5(1229-1261)Online publication date: 1-Sep-2020
https://dl.acm.org/doi/10.1007/s10270-020-00776-8
Srivastava KShekokar N(2020)Machine Learning Based Risk-Adaptive Access Control System to Identify Genuineness of the RequesterModern Approaches in Machine Learning and Cognitive Science: A Walkthrough10.1007/978-3-030-38445-6_10(129-143)Online publication date: 5-Feb-2020
https://doi.org/10.1007/978-3-030-38445-6_10
Debreceni CBergmann GRáth IVarró D(2019)Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformationsSoftware and Systems Modeling (SoSyM)10.1007/s10270-017-0631-818:3(1737-1769)Online publication date: 1-Jun-2019
https://dl.acm.org/doi/10.1007/s10270-017-0631-8
Show More Cited By

Index Terms

Towards Attribute-Based Authorisation for Bidirectional Programming
1. Security and privacy
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Theory of database privacy and security

Recommendations

An authorization mechanism for a relational database system

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized ...
A network access control approach based on the AAA architecture and authorization attributes

Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or Mobile IP. This paper presents a particular scenario where ...
Towards a times-based usage control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security

Modern information systems require temporal and privilege-consuming usage of digital objects. To meet these requirements, we present a new access control model-Times-based Usage Control (TUCON). TUCON extends traditional and temporal access control ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

June 2015

242 pages

ISBN:9781450335560

DOI:10.1145/2752952

General Chair:
Edgar Weippl
SBA Research, Austria
,
Program Chairs:
Florian Kerschbaum
SAP, Germany
,
Adam J. Lee
University of Pittsburgh, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Nation Basic Research Program (973 Program) of China
JSPS Grant-in-Aid for Scientific Research (A) in Japan

Conference

SACMAT '15

Sponsor:

SIGSAC

SACMAT '15: 20th ACM Symposium on Access Control Models and Technologies

June 1 - 3, 2015

Vienna, Austria

Acceptance Rates

SACMAT '15 Paper Acceptance Rate 17 of 59 submissions, 29%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
129
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gómez AMendialdua XBarmpis KBergmann GCabot Jde Carlos XDebreceni CGarmendia AKolovos Dde Lara J(2020)Scalable modeling technologies in the wild: an experience report on wind turbines control applications developmentSoftware and Systems Modeling (SoSyM)10.1007/s10270-020-00776-819:5(1229-1261)Online publication date: 1-Sep-2020
https://dl.acm.org/doi/10.1007/s10270-020-00776-8
Srivastava KShekokar N(2020)Machine Learning Based Risk-Adaptive Access Control System to Identify Genuineness of the RequesterModern Approaches in Machine Learning and Cognitive Science: A Walkthrough10.1007/978-3-030-38445-6_10(129-143)Online publication date: 5-Feb-2020
https://doi.org/10.1007/978-3-030-38445-6_10
Debreceni CBergmann GRáth IVarró D(2019)Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformationsSoftware and Systems Modeling (SoSyM)10.1007/s10270-017-0631-818:3(1737-1769)Online publication date: 1-Jun-2019
https://dl.acm.org/doi/10.1007/s10270-017-0631-8
Montrieux LUbayashi NZhao TJin ZHu Z(2019)Bidirectional Transformations for Self-Adaptive SystemsEngineering Adaptive Software Systems10.1007/978-981-13-2185-6_4(95-114)Online publication date: 15-Jan-2019
https://doi.org/10.1007/978-981-13-2185-6_4
Bergmann GDebreceni CRáth IVarró DBaudry BCombemale BKienzle JPretschner A(2016)Query-based access control for secure collaborative modeling using bidirectional transformations*Proceedings of the ACM/IEEE 19th International Conference on Model Driven Engineering Languages and Systems10.1145/2976767.2976793(351-361)Online publication date: 2-Oct-2016
https://dl.acm.org/doi/10.1145/2976767.2976793

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten