From Access Control Models to Access Control Metamodels: A Survey

  • Conference paper
Advances in Information and Communication (FICC 2019)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 70)

Abstract

Access control (AC) is a computer security requirement used to control, in a computing environment, what the user can access, when and how. Policy administration is an essential feature of an AC system. As the number of computers is in the hundreds of millions, and due to differing organizational requirements, applications and needs, various AC models have been presented in the literature, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), etc. These models are used to implement organizational policies that prevent the unauthorized disclosure of sensitive data, protect data integrity, and enable secure access and sharing of information. Each AC model has its own methods for making AC decisions and enforcing policy. However, due to the diversity of AC models and the various concerns and restrictions, it is essential to find AC metamodels with a higher level of abstraction. Access control metamodels serve as a unifying framework for specifying any AC policy and should ease the migration from one AC model to another. This study reviews existing works on metamodel descriptions and representations. But are the presented metamodels sufficient to meet the goal of controlling access, especially in the presence of current information technologies? Do they encompass all features of other AC models? In this paper we present a survey on AC metamodels.

Acknowledgements

We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC), [funding reference number 06351].

Author information

Corresponding author

Correspondence to Nadine Kashmar.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Kashmar, N., Adda, M., Atieh, M. (2020). From Access Control Models to Access Control Metamodels: A Survey. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_61
