Authors: Seyed Hossein Ghotbi and Bernd Fischer
Affiliation: University of Southampton, United Kingdom
Keyword(s): Fine-grained Role-based Access Control, Testing Access Control Model and Mechanism, Web Applications, Domain-specific Language.
Related Ontology Subjects/Areas/Topics: Domain-Specific Languages; MetaModeling; Model Analysis and Checking; Model Testing; Model Transformation; Modeling Languages; Models; Paradigm Trends; Software Engineering
Abstract:
Access control policies such as role-based access control (RBAC) enforce desirable security properties, in particular for Web-based applications with many different users. A fine-grained RBAC model gives the developers of such systems more customization and administrative power to control access to fine-granular elements such as individual cells of a table. However, the definition and deployment of such policies is not straightforward, and in many Web applications they are hand-coded in the database or scattered throughout the application’s implementation, without taking advantage of underlying central elements such as the data model or object types. This paper presents FRBAC, a fine-grained RBAC model for the Web application domain. FRBAC achieves separation of concerns for enforcing access to a range of objects with mixed-granularity levels. Moreover, it provides a unique testing mechanism that gives the developer a guarantee about the correctness, completeness, and sufficiency of the defined FRBAC model, both internally and in the context of its target application. We use code generation techniques to compile the specification of an FRBAC model down to the tiers of an existing domain-specific Web programming language, WebDSL. We show the benefits of FRBAC on the development of a departmental Web site.
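As an added illustration (not the paper's FRBAC model, its testing mechanism, or its WebDSL code generator), the following Python sketches the two ideas the abstract names: grants at mixed granularity, where a permission on a table, row, or column covers every cell inside it, and a model-level check that compares the policy against the data model to find grants that reference nothing in the schema and cells that no role can act on. The schema, role names, resource names, and sample rows are constructed assumptions.

```python
"""Mixed-granularity RBAC evaluator with policy-vs-data-model checks.

Added example; not the FRBAC implementation from the paper. Every name,
schema entry and grant below is a constructed assumption.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Set, Tuple

Action = str  # constructed action vocabulary: "read", "write"


@dataclass(frozen=True)
class Resource:
    """A table, one of its rows, one of its columns, or a single cell."""
    table: str
    row: Optional[str] = None     # row key; None means every row
    column: Optional[str] = None  # column name; None means every column

    def containers(self) -> Iterator["Resource"]:
        """Yield this resource, then each coarser resource that contains it.

        A grant on a row, a column or the whole table therefore applies to
        every cell inside it; a cell-level grant applies only to that cell.
        """
        yield self
        if self.row is not None and self.column is not None:
            yield Resource(self.table, self.row, None)     # the row
            yield Resource(self.table, None, self.column)  # the column
        if self.row is not None or self.column is not None:
            yield Resource(self.table, None, None)         # the table


@dataclass
class Policy:
    # role -> set of (resource, action) grants; anything not granted is denied
    grants: Dict[str, Set[Tuple[Resource, Action]]]

    def allowed(self, roles: Iterable[str], res: Resource, action: Action) -> bool:
        """Default-deny decision: allow if any role holds a covering grant."""
        for role in roles:
            role_grants = self.grants.get(role, set())
            if any((c, action) in role_grants for c in res.containers()):
                return True
        return False


Schema = Dict[str, List[str]]  # table -> column names (row keys are data)


def dangling_grants(policy: Policy, schema: Schema) -> List[Tuple[str, Resource, Action]]:
    """Grants naming a table or column absent from the data model (typos)."""
    bad = []
    for role, grants in policy.grants.items():
        for res, action in grants:
            unknown_table = res.table not in schema
            unknown_column = res.column is not None and (
                unknown_table or res.column not in schema[res.table])
            if unknown_table or unknown_column:
                bad.append((role, res, action))
    return sorted(bad, key=repr)


def unreachable_cells(policy: Policy, schema: Schema,
                      rows: Dict[str, List[str]], action: Action) -> List[Resource]:
    """Cells on which no role at all may perform `action`: a completeness gap."""
    out = []
    for table, cols in schema.items():
        for row in rows.get(table, []):
            for col in cols:
                cell = Resource(table, row, col)
                if not any(policy.allowed([r], cell, action) for r in policy.grants):
                    out.append(cell)
    return out


# Constructed departmental data model and policy.
SCHEMA: Schema = {"staff": ["name", "office", "salary"]}
ROWS = {"staff": ["alice", "bob"]}
POLICY = Policy({
    "visitor": {(Resource("staff", None, "name"), "read"),
                (Resource("staff", None, "office"), "read"),
                (Resource("staff", None, "phone"), "read")},   # no such column
    "hr": {(Resource("staff"), "read"),                        # table level
           (Resource("staff", None, "salary"), "write"),       # column level
           (Resource("staff", None, "office"), "write")},
    "staff:alice": {(Resource("staff", "alice"), "read"),               # own row
                    (Resource("staff", "alice", "office"), "write")},  # one cell
})

if __name__ == "__main__":
    print("alice edits own office:",
          POLICY.allowed(["staff:alice"], Resource("staff", "alice", "office"), "write"))
    print("dangling:", dangling_grants(POLICY, SCHEMA))
    print("nobody can write:", unreachable_cells(POLICY, SCHEMA, ROWS, "write"))
```

The two check functions are the part a model-level test would run before deployment: a dangling grant means the policy and the data model have drifted apart, and an unreachable cell for "write" means the policy as written leaves some data that no one is able to maintain.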