A transformation contract to generate aspects from access control policies |
| |
Authors: | Christiano Braga |
| |
Affiliation: | (1) School of Interactive Arts and Technology, Simon Fraser University Surrey, 13450 102 Ave, Surrey, BC V3T 5X3, Canada;(2) Department of Information Systems, University of Belgrade FON - School of Business Administration, Jove Ilica 154, 11000 Belgrade;(3) Dept. Information Systems & Technologies, University of Belgrade School of Business Administration, Jove Ilica 154, 11000 Belgrade, Serbia; |
| |
Abstract: | Access control is an important security issue. It has been addressed since the late 1960s in the early time-sharing computer
systems. Many access control models have been proposed since than but of particular interest is Ferraiolo and Khun’s role-based
access control model (RBAC). It is a simple and yet general model which has been deeply studied and applied both in industry
and in academia. A variety of industrial standards have been proposed based on this model. Generating code for an access control
policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional
part of a system raises difficulties quite suitable for a solution based on aspect-oriented programming. In this paper, we
address the problems of specification and validation of code generation for access control policies targeting an aspect-based
infra-structure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling
language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels
are used to represent the languages and to specify the transformation. A metamodel is used to represent the abstract syntax
of a language and the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify
the code generator. This transformation metamodel, together with all the constraints, that is, from both languages and those
constraints regarding the merge of the two languages, we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code-generation for
access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML
and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract. For
a given access control policy and aspect, represented as instances of the appropriate metamodels, with aspects produced by
the code generator, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML
to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by applying the constraints
of the transformation contract. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|