A Graphical Framework for the Category-Based Metamodel for Access Control and Obligations
Sandra Alves, Jorge Iglésias

TL;DR
This paper introduces a graph-based framework for visualizing and analyzing obligations within category-based access control policies, enabling better understanding and management of complex security policies.
Contribution
It presents a novel graphical framework for CBACO, integrating obligations into access control models and demonstrating implementation using the PORGY graph-rewriting tool.
Findings
Effective visualization of obligations in access control policies
Implementation of dynamic behavior in policy analysis
Unified framework subsuming multiple access control models
Abstract
We design a graph-based framework for the visualisation and analysis of obligations in access control policies. We consider obligation policies in CBACO, the category-based access control model, which has been shown to subsume many of the most well-known access control models, such as MAC, DAC and RBAC. CBACO is an extension of the CBAC metamodel that deals with obligations. We describe the implementation of the proposed model in PORGY, a strategy-driven graph-rewriting tool, based on the theory of port-graphs. CBACO policies allow for dynamic behavior in the modelled systems, which is implemented using the strategy language of PORGY.
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Digital Rights Management and Security
