My slides from my talk at Code Generation 2014 in Cambridge, UK.
rbacDSL is a text-based DSL for writing, verifying and correcting RBAC authorisation policies. It produces standard XACML policies that can be used with any XACML evaluation engine.
1. rbacDSL: a DSL for Role-Based Access Control
Lionel Montrieux <lionel.montrieux@open.ac.uk>
The Open University, Milton Keynes, UK
2. Outline
• Background and overview (15 min.)
• Building an authorisation policy - live demo (20 min.)
• Try to think of a good example
• Bonus points for funny ones
• Current research and future directions (10 min.)
9. How it started
• rbacUML and rbacDSML
• OCL constraints
• “model smells”
• fixing incorrect models
• Rational Software Architect 8.0, UML profiles
10. Scenarios?
• Granted: user should be able to perform a list of actions
• Forbidden: !Granted
• User-Role: role should be assigned to at least one user
• Object-Role: role should allow one to perform a list of actions on objects
• Object: at least one user should be able to perform an action on an object
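The five scenario kinds above, checked against a small policy. This is an added example, not rbacDSL syntax or code from the tool. It assumes a flat RBAC model (no role hierarchy, no sessions); the `Policy` class, the `failing` helper, the method name `object_access` for the Object scenario, and the sample users, roles and permissions are all constructed for illustration.

```python
# Added example: constructed flat-RBAC model, not rbacDSL syntax or code.
from dataclasses import dataclass

@dataclass
class Policy:
    user_roles: dict   # user -> set of role names
    role_perms: dict   # role -> set of (action, object) pairs

    def user_perms(self, user):
        # Union of the permissions of every role assigned to the user.
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_perms.get(role, set())
        return perms

    def granted(self, user, actions):
        return set(actions) <= self.user_perms(user)

    def forbidden(self, user, actions):
        # The slide defines Forbidden as !Granted; taken literally here.
        return not self.granted(user, actions)

    def user_role(self, role):
        return any(role in roles for roles in self.user_roles.values())

    def object_role(self, role, actions):
        return set(actions) <= self.role_perms.get(role, set())

    def object_access(self, action):
        return any(action in self.user_perms(u) for u in self.user_roles)

def failing(policy, scenarios):
    # Labels of the scenarios that the policy does not satisfy.
    return [label for label, kind, *args in scenarios
            if not getattr(policy, kind)(*args)]

# Constructed sample policy and scenarios.
POLICY = Policy(
    user_roles={"alice": {"clerk"}, "bob": {"clerk", "auditor"}},
    role_perms={"clerk": {("read", "invoice"), ("create", "invoice")},
                "auditor": {("read", "ledger")},
                "manager": {("approve", "invoice")}},
)
SCENARIOS = [
    ("s1", "granted", "bob", [("read", "invoice"), ("read", "ledger")]),
    ("s2", "forbidden", "alice", [("read", "invoice"), ("read", "ledger")]),
    ("s3", "user_role", "manager"),
    ("s4", "object_role", "auditor", [("read", "ledger")]),
    ("s5", "object_access", ("approve", "invoice")),
]
```

`failing(POLICY, SCENARIOS)` reports `s3` and `s5`: the `manager` role is assigned to no user, so the only permission to approve invoices is unreachable.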
13. Current (and past) research
• Automated model fixing (the whole model) [Montrieux13]
• Adaptive access control - automated reaction to inside threats [Bailey14]
• Dynamic access control - in progress
14. Future directions
• Attributes and conditions support
• User-specific scenarios
• XACML PAP connectors, LDAP connectors
• Dynamic access control features
• Bidirectional graph transformations
15. Any questions? email me: lionel.montrieux@open.ac.uk
get the tool: https://github.com/lmcmontrieux/rbacDSL
16. References
• All publications I co-authored are available on http://oro.open.ac.uk/view/person/lm25566.html and http://oro.open.ac.uk/view/person/lmcm5.html
• [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The NIST model for role-based access control: towards a unified standard. ACM Workshop on Role-Based Access Control 2000:47-63
• XACML: eXtensible Access Control Modeling Language - OASIS - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
• Image on slide 6 re-created from http://www.xacml.info
• Images on slides 4 and 15 by J. Hardaway