Skip to main content

Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 455)

Abstract

Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for access-control policies to enable the analysis of the system security. We rely on model-driven technologies and the XACML standard to achieve this goal.

Keywords

  • Policy Language
  • Security Policy
  • Context Attribute
  • Content Management System
  • XACML Policy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. Bauer, L., Appel, A.W.: Access Control for the Web via Proof-Carrying Authorization. PhD thesis, Princeton University (2003)

    Google Scholar 

  2. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An Algebra for Composing Access Control Policies. TISSEC 5(1), 1–35 (2002)

    CrossRef  Google Scholar 

  3. Casalino, M.M., Thion, R.: Refactoring multi-layered access control policies through (de)composition. In: CNSM, pp. 243–250 (2013)

    Google Scholar 

  4. Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miège, A.: A formal approach to specify and deploy a network security policy. In: FAST 2004, pp. 203–218 (2004)

    Google Scholar 

  5. Davy, S., Jennings, B., Strassner, J.: The Policy Continuum-Policy Authoring and Conflict Analysis. Computer Communications 31(13), 2981–2995 (2008)

    CrossRef  Google Scholar 

  6. Hu, H., Ahn, G.-J., Kulkarni, K.: Anomaly discovery and resolution in web access control policies. In: SACMAT 2011, pp. 165–174. ACM (2011)

    Google Scholar 

  7. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

  8. Jouault, F., Allilaire, F., Bézivin, J., Kurtev, I.: ATL: A Model Transformation Tool. Science of Computer Programming 72(1), 31–39 (2008)

    MathSciNet  CrossRef  MATH  Google Scholar 

  9. Lockhart, H., Parducci, B., Anderson, A.: OASIS XACML TC (2013)

    Google Scholar 

  10. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    CrossRef  Google Scholar 

  11. Martínez, S., Cosentino, V., Cabot, J., Cuppens, F.: Reverse engineering of database security policies. In: Decker, H., Lhotská, L., Link, S., Basl, J., Tjoa, A.M. (eds.) DEXA 2013, Part II. LNCS, vol. 8056, pp. 442–449. Springer, Heidelberg (2013)

    CrossRef  Google Scholar 

  12. Martínez, S., Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Cabot, J.: Model-driven extraction and analysis of network security policies. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 52–68. Springer, Heidelberg (2013)

    CrossRef  Google Scholar 

  13. Martínez, S., García-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Cabot, J.: Towards an access-control metamodel for web content management systems. In: ICWE Workshops, pp. 148–155 (2013)

    Google Scholar 

  14. Mazzoleni, P., Crispo, B., Sivasubramanian, S., Bertino, E.: XACML Policy Integration Algorithms. TISSEC 11(1), 4 (2008)

    CrossRef  Google Scholar 

  15. Mouelhi, T., Fleurey, F., Baudry, B., Le Traon, Y.: A model-based framework for security policy specification, deployment and testing. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 537–552. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  16. OMG. OCL, version 2.0. Object Management Group, June 2005

    Google Scholar 

  17. Preda, S., Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J., Toutain, L.: Model-driven security policy deployment: property oriented approach. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 123–139. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  18. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST Model for Role-Based Access Control: Towards A Unified Standard. RBAC 2000, pp. 47–63. ACM (2000)

    Google Scholar 

  19. Trninic, B., Sladic, G., Milosavljevic, G., Milosavljevic, B., Konjovic, Z.: PolicyDSL: towards generic access control management based on a policy metamodel. In: SoMeT, pp. 217–223 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Salvador Martínez .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2015 IFIP International Federation for Information Processing

About this paper

Cite this paper

Martínez, S., Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Cabot, J. (2015). Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems. In: Federrath, H., Gollmann, D. (eds) ICT Systems Security and Privacy Protection. SEC 2015. IFIP Advances in Information and Communication Technology, vol 455. Springer, Cham. https://doi.org/10.1007/978-3-319-18467-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-18467-8_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-18466-1

  • Online ISBN: 978-3-319-18467-8

  • eBook Packages: Computer ScienceComputer Science (R0)