A Policy-Based Framework for RBAC

Nabhen, Ricardo; Jamhour, Edgard; Maziero, Carlos

doi:10.1007/978-3-540-39671-0_16

Cited by 4 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Approaches like UMLSec [16] and SecureUML [22] offer the possibility of modeling (role-based) access-control policies but they do not directly support their execution. Close to our work by using MDE techniques for providing PDPs, in [25] the authors provide a PDP/PEP implementation for RBAC based in the PCIM standard whereas in [11] the authors use Security@runtime to implement a PDP (the PDP itself being implemented in Prolog) that supports runtime changes in the access-control policy. Milhau et al combine secureUML and B-method to obtain verifiable access-control PDP.…”

Section: Related Workmentioning

confidence: 99%

Runtime support for rule-based access-control evaluation through model-transformation

Martínez

Garcia

Cabot

2016

Proceedings of the 2016 ACM SIGPLAN International Conference on Software Language Engineering

View full text Add to dashboard Cite

Access-control policies, often the mechanism of choice to implement the security requirements of confidentiality and integrity, can be found in a wide range of application scenarios. Although there are standard languages for accesscontrol and a plethora of works devoted to assure the wellformedness of access-control policies, little attention has been paid to the problem of providing robust and adaptable runtime evaluation engines for the integration of accesscontrol in new DSL's and platforms. Indeed, the integration of access-control requires the development of critical infrastructure facilities around it, so that the policies can be: 1) analyzed and validated and 2) efficiently evaluated against run-time access requests.In order to solve this problem, this paper explores the use of the already mature model transformation frameworks as modern, application-independent infrastructures for accesscontrol languages i.e., following the Policy Enforcement Point(PEP)-Policy Decision Point(PDP) architecture. More specifically, we show how model-driven engineering and the ATL model-transformation framework can be used to lift the infrastructure development burden from developers by providing a robust, flexible and re-usable runtime evaluation engine for rule-based access-control policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Runtime support for rule-based access-control evaluation through model-transformation

Martínez

Garcia

Cabot

2016

Proceedings of the 2016 ACM SIGPLAN International Conference on Software Language Engineering

View full text Add to dashboard Cite

show abstract

“…There are many details concerning how conditions are grouped and evaluated. For a more detailed discussion about extending PCIM model, please, refer to [14].…”

Section: Business Level Qos Policy Modelmentioning

confidence: 99%

Defining Reusable Business-Level QoS Policies for DiffServ

2004

Self Cite

View full text Add to dashboard Cite

Abstract. This paper proposes a PBNM (Policy Based Network Management) framework for automating the process of generating and distributing DiffServ configuration to network devices. The framework is based on IETF standards, and proposes a new business level policy model for simplifying the process of defining QoS policies. The framework is defined in three layers: a business level policy model (based on a IETF PCIM extension), a device independent policy model (based on a IETF QPIM extension) and a device dependent policy model (based on the IETF diffserv PIB definition). The paper illustrates the use of the framework by mapping the information models to XML documents. The XML mapped information model supports the reuse of rules, conditions and network information by using XPointer references.

show abstract

“…In our current implementation, the server application communicates with the RBAC framework through a set of RBAC-based API, which follows the definitions proposed by the NIST standard [1]. These API are described in details in [12]. In the second approach (B) the information in the RBAC-PIB is translated to configuration commands to the underlying system or to network devices via SNMPv3 or CLICommand Line Interface.…”

Section: Related Workmentioning

confidence: 99%

“…The RBPIM is based on a previous work described in [12]. In [12], however, the RBPIM model has been explored using the outsourcing approach.…”

Section: Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

A RBAC-Based Policy Information Base

Squair

Jamhour

Nabhen

Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05)

View full text Add to dashboard Cite

This paper presents a framework for representing and distributing access control policies in distributed heterogeneous systems. Access control polices follow the RBAC (Role Based Access Control) model proposed by the NIST. The framework is based on the provisioning strategy defined by IETF, i.e., the RBAC information is represented in terms of a PIB (Policy Information Base) and distributed to the enforcement elements using the COPS-PR protocol. This approach can be explored in several scenarios, for configuring both, network devices and RBAC-aware applications. The provisioning process takes into account the capabilities of the enforcement element, permitting to eliminate or adapt the configuration not supported by the managed device or application.

show abstract

A Policy-Based Framework for RBAC

Cited by 4 publications

References 3 publications

Runtime support for rule-based access-control evaluation through model-transformation

Runtime support for rule-based access-control evaluation through model-transformation

Defining Reusable Business-Level QoS Policies for DiffServ

A RBAC-Based Policy Information Base

Contact Info

Product

Resources

About