Lionel Montrieux scite author profile

Lemos

et al. 2014

Self-adaptive access control, in which self-* properties are applied to protecting systems, is a promising solution for the handling of malicious user behaviour in complex infrastructures. A major challenge in self-adaptive access control is ensuring that chosen adaptations are valid, and produce a satisfiable model of access. The contribution of this paper is the generation, transformation and verification of Role Based Access Control (RBAC) models at run-time, as a means for providing assurances that the adaptations to be deployed are valid. The goal is to protect the system against insider threats by adapting at run-time the access control policies associated with system resources, and access rights assigned to users. Depending on the type of attack, and based on the models from the target system and its environment, the adapted access control models need to be evaluated against the RBAC metamodel, and the adaptation constraints related to the application. The feasibility of the proposed approach has been demonstrated in the context of a fully working prototype using malicious scenarios inspired by a well documented case of insider attack.

Issues in representing domain-specific concerns in model-driven engineering

Wermelinger

et al. 2013

Abstract-The integration of domain-specific concepts in a model-driven engineering (MDE) approach raises a number of interesting research questions. There are two possibilities to represent these concepts. The first one focuses on models that contain domain-specific concepts only, i.e. domain-specific modelling languages (DSML). The second one advocates the integration of domain-specific concepts in general-purpose models, using what we will refer to in this paper as domain-specific modelling annotation languages (DSMAL). In this position paper, we argue that each approach is particularly suited for specific activities and specific actors, and show how they can be developed and used together. We also highlight the challenges created by the use of two representations, such as the evaluation of models OCL constraints and the synchronisation between the two representations. As an illustration, we present rbacUML, our approach for integrating role-based access control (RBAC) concepts into an MDE approach.

Requirements-driven mediation for collaborative security

Bennaceur

Bandara

Jackson

et al. 2014

Security is concerned with the protection of assets from intentional harm. Secure systems provide capabilities that enable such protection to satisfy some security requirements. In a world increasingly populated with mobile and ubiquitous computing technology, the scope and boundary of security systems can be uncertain and can change. A single functional component, or even multiple components individually, are often insufficient to satisfy complex security requirements on their own.Adaptive security aims to enable systems to vary their protection in the face of changes in their operational environment. Collaborative security, which we propose in this paper, aims to exploit the selection and deployment of multiple, potentially heterogeneous, software-intensive components to collaborate in order to meet security requirements in the face of changes in the environment, changes in assets under protection and their values, and the discovery of new threats and vulnerabilities.However, the components that need to collaborate may not have been designed and implemented to interact with one another collaboratively. To address this, we propose a novel framework for collaborative security that combines adaptive security, collaborative adaptation and an explicit representation of the capabilities of the software components that may be needed in order to achieve collaborative security. We elaborate on each of these framework elements, focusing in particular on the challenges and opportunities afforded by (1) the ability to capture, represent, and reason about the capabilities of different software components and their operational context, and (2) the ability of components to be selected and mediated at runtime in order to satisfy the security requirements. We illustrate our vision through a collaborative robotic implementation, and suggest some areas for future work.

Tool support for UML-based specification and verification of role-based access control properties

Wermelinger

2011

It has been argued that security perspectives, of which access control is one, should be taken into account as early as possible in the software development process. Towards that goal, we present in this paper a tool supporting our modelling approach to specify and verify access control in accordance to the NIST standard Role-Based Access Control (RBAC). RBAC is centred on mapping users to their roles in an organisation, to make access control permissions easier to set and maintain.Our modelling approach uses only standard UML mechanisms, like metamodels and OCL constraints, and improves on existing approaches in various ways: designers don't have to learn new languages or adopt new tools or methodologies; user-role and role-permission assignments can be specified separately to be reused across models; access control is specified over class and activity diagrams, including 'antiscenarios'; access control is automatically verified. The tool is built on top of an existing modelling IDE and allows for automatic verification of models according to our RBAC modelling approach, while providing users with the ability to easily identify and correct errors in the model when they are detected.

Challenges in model-based evolution and merging of access control policies

Wermelinger

2011

Access Control plays a crucial part in software security, as it is responsible for making sure that users have access to the resources they need while being forbidden from accessing resources they do not need. Access control models such as Role-Based Access Control have been developed to help system administrators deal with the increasing complexity of the rules that determine whether or not a particular user should access a particular resource. These rules, as well as the users and their needs, are likely to evolve over time. In some cases, it may even be necessary to merge several access control configurations into a single one. In this position paper, we review existing research in model-based software evolution and merging, and argue the need for a specific approach for access control in order to take its specific requirements into account.