Abstract
Access control (AC) is a computer security requirement used to control, in a computing environment, what the user can access, when and how. Policy administration is an essential feature of an AC system. As the number of computers is in the hundreds of millions, and due to differing organizational requirements, applications and needs, various AC models have been presented in the literature, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), etc. These models are used to implement organizational policies that prevent the unauthorized disclosure of sensitive data, protect data integrity, and enable secure access and sharing of information. Each AC model has its own methods for making AC decisions and enforcing policy. However, due to the diversity of AC models and the various concerns and restrictions, it is essential to find AC metamodels with a higher level of abstraction. Access control metamodels serve as a unifying framework for specifying any AC policy and should ease the migration from one AC model to another. This study reviews existing work on metamodel descriptions and representations. But are the presented metamodels sufficient to handle the needed target of controlling access, especially in the presence of current information technologies? Do they encompass all features of other AC models? In this paper we present a survey on AC metamodels.
Acknowledgements
We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC), [funding reference number 06351].
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kashmar, N., Adda, M., Atieh, M. (2020). From Access Control Models to Access Control Metamodels: A Survey. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_61
DOI: https://doi.org/10.1007/978-3-030-12385-7_61
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and Robotics (R0)