A uniform approach for access control and business models with explicit rule realization

Regular Contribution, International Journal of Information Security

Abstract

Access control is an important part of security in software such as business applications, since it determines which users may access which objects and operations and under what constraints. Business models and access control models are expressed using different representations, and access control rules are generally not derived explicitly from access control models. Even though the business model and the access control model are two separate modeling abstractions, they are interconnected, since access control is part of any business model. The first goal is therefore to add access control models to business models using the same fundamental building blocks. The second goal is to use these models to define general access control rules explicitly, so that the connection between the models and their realizations is also made explicit. This paper describes a new common representation for business models and classes of access control models based on the Resource–Event–Agent (REA) modeling approach to business models, and it clearly defines the connection between the models and the rules they represent. We present a uniform approach to business and access control models: first, access control primitives are mapped onto REA-based access control patterns; then, REA-based access control patterns are combined to define access control models; and, based on these models, general access control rules are expressed in Extended Backus–Naur Form (EBNF).

Notes

  1. A pattern is here used in the same sense as described by Fowler [19].

  2. The early access control models used the term subject for an active process, whereas some recent access control models, such as role-based access control (RBAC), distinguish between an operation and a subject [15]: a subject refers to a process that may invoke several operations.

References

  1. Al-Kahtani, M., Sandhu, R.: Rule-Based RBAC with negative authorization. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 405–415 (2004)

  2. Al-Kahtani, M., Sandhu, R.: A model for attribute-based user-role assignment. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 353–364 (2002)

  3. Ambler, S.: The Elements of UML 2.0 Style. Cambridge University Press, Cambridge (2005)

  4. Artale, A., Franconi, E., Guarino, N., Pazzi, L.: Part-whole relations in object-centered systems: an overview. Data Knowl. Eng. 20(3), 347–383 (1996)

  5. Barker, S.: The next 700 access control models or a unifying meta-model? In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 187–196 (2009)

  6. Benantar, M.: Access Control Systems: Security, Identity, Management, and Trust Models. Springer, Berlin (2006)

  7. Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Trans. Inf. Syst. Secur. 6(1), 71–127 (2003)

  8. Bertino, E., Bonatti, P., Ferrari, E.: TRBAC: a temporal role-based access control model. In: Proceedings of the ACM Workshop on Role-Based Access Control, pp. 21–30 (2000)

  9. Bertino, E., Samarati, P., Jajodia, S.: An extended authorization model for relational databases. IEEE Trans. Knowl. Data Eng. 9(1), 85–101 (1997)

  10. Blaha, M., Rumbaugh, J.: Object-Oriented Modeling and Design with UML, 2nd edn. Pearson Prentice Hall, Englewood Cliffs (2005)

  11. Chandramouli, R.: Application of XML tools for enterprise-wide RBAC implementation tasks. In: Proceedings of the ACM Workshop on Role-based Access Control, pp. 11–18 (2000)

  12. Cook, D. and Multiple Contributors: Gold Parsing System. http://goldparser.org/index.htm

  13. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder policy specification language. In: Proceedings of POLICY, pp. 18–38 (2001)

  14. Ferraiolo, D., Atluri, V.: A meta model for access control: why is it needed and is it even possible to achieve? In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 153–154 (2008)

  15. Ferraiolo, D., Kuhn, D., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House, London (2007)

  16. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)

  17. Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W., Thuraisingham, B.: ROWLBAC: Representing role based access control in OWL. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 73–82 (2008)

  18. Fisler, K., Krishnamurthi, S., Dougherty, D.: Embracing policy engineering. In: Proceedings of the Workshop on Future of Software Engineering Research (FoSER), pp. 109–110 (2010)

  19. Fowler, M.: Analysis Patterns: Reusable Object Models. Addison-Wesley, Reading (1997)

  20. Geerts, G., McCarthy, W.: Policy-level specifications in REA enterprise information systems. J. Inf. Syst. 20(2), 37–63 (2006)

  21. Geerts, G., McCarthy, W.: An ontological analysis of the economic primitives of the extended-REA enterprise information architecture. I. J. Acc. Inf. Syst. 3(1), 1–16 (2002)

  22. Greco, S., Leone, N., Rullo, P.: COMPLEX: an object-oriented logic programming system. IEEE Trans. Knowl. Data Eng. 4(4), 344–359 (1992)

  23. Hruby, P. with contributions by Kiehn, J., Scheller, C.: Model-Driven Design Using Business Patterns. Springer, Berlin (2006)

  24. Hu, V., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. National Institute of Standards and Technology (NIST) Special Publication 800-162 (2014)

  25. Jackson, M.: Aspects of abstraction in software development. Softw. Syst. Model. 11(4), 495–511 (2012)

  26. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Proceedings of the Conference on Database Security (DBSec), pp. 41–55 (2012)

  27. Kagal, L., Finin, T., Joshi, A.: A policy language for a pervasive computing environment. In: Proceedings of POLICY, pp. 63–74 (2003)

  28. Karimi, V.: A Uniform Formal Approach to Business and Access Control Models, Policies and their Combinations. PhD thesis, University of Waterloo (2012)

  29. Karimi, V., Cowan, D.: Access control models for business processes. In: Proceedings of the International Conference on Security and Cryptography (SECRYPT), pp. 489–498 (2010)

  30. Kern, A., Walhorn, C.: Rule support for role-based access control. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 130–138 (2005)

  31. Kuhn, D., Coyne, E., Weil, T.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)

  32. Martin, J., Odell, J.: Object-Oriented Methods: A Foundation, UML Edition. Prentice Hall, Englewood Cliffs (1998)

  33. McCarthy, W.: The REA accounting model: a generalized framework for accounting systems in a shared data environment. Acc. Rev. 57(3), 54–78 (1982)

  34. Motschnig-Pitrik, R., Kaasbøll, J.: Part-whole relationship categories and their application in object-oriented analysis. IEEE Trans. Knowl. Data Eng. 11(5), 779–797 (1999)

  35. Motschnig-Pitrik, R., Storey, V.: Modelling of set membership: the notion and the issues. Data Knowl. Eng. 16(2), 147–185 (1995)

  36. Odell, J.: Advanced Object-Oriented Analysis and Design Using UML. Cambridge University Press, Cambridge (1998)

  37. Organization for the Advancement of Structured Information Standards (OASIS): eXtensible Access Control Markup Language (XACML), Version 3.0, Committee Specification 01 (2010)

  38. Organization for the Advancement of Structured Information Standards (OASIS), Moses, T. (ed.): eXtensible Access Control Markup Language (XACML), Version 2.0 (2005)

  39. Osborn, S., Sandhu, R., Munawer, Q.: Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans. Inf. Syst. Secur. 3(2), 85–106 (2000)

  40. Park, J., Sandhu, R.: The UCON_ABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

  41. Ray, I., Li, N., France, R., Kim, D.: Using UML to visualize role-based access control constraints. In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 115–124 (2004)

  42. Rumbaugh, J., Jacobson, I., Booch, G.: Unified Modeling Language Reference Manual, 2nd edn. Addison-Wesley, Reading (2005)

  43. Sandhu, R.: The authorization leap from rights to attributes: maturation or chaos? In: Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 69–70 (2012)

  44. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control model. IEEE Comput. 29(2), 38–47 (1996)

  45. Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: Proceedings of the ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)

  46. Shanks, G., Tansley, E., Nuredini, J., Tobin, D.: Representing part-whole relations in conceptual modeling: an empirical evaluation. MIS Q. 32(3), 553–573 (2008)

  47. Shanks, G., Tansley, E., Weber, R.: Representing composites in conceptual modeling. Commun. ACM 47(7), 77–80 (2004)

  48. Simon, R., Zurko, M.: Separation of duty in role-based environments. In: Proceedings of the Computer Security Foundations Workshop (CSFW), pp. 183–194 (1997)

  49. Stallings, W., Brown, L., with contributions by Bauer, M., Howard, M.: Computer Security: Principles and Practice. Pearson Prentice Hall, Englewood Cliffs (2008)

  50. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC): International Standard ISO/IEC 14977. Information technology – Syntactic metalanguage – Extended BNF (1996)

  51. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC): International Standard ISO/IEC 15944-4:2007(E). Information technology – Business operational view – Part 4: Business transaction scenarios – Accounting and economic ontology (2007)

  52. Tonti, G., Bradshaw, J., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic Web languages for policy representation and reasoning: a comparison of KAoS, Rei, and Ponder. In: Proceedings of the International Semantic Web Conference, pp. 419–437 (2003)

  53. Twidle, K., Dulay, N., Lupu, E., Sloman, M.: Ponder2: A policy system for autonomous pervasive environments. In: Proceedings of the International Conference on Autonomic and Autonomous Systems (ICAS), pp. 330–335 (2009)

  54. Twidle, K., Marinovic, S., Dulay, N.: Teleo-reactive policies in Ponder2. In: Proceedings of POLICY, pp. 57–60 (2010)

  55. Verhanneman, T., Piessens, F., De Win, B., Joosen, W.: Uniform application-level access control enforcement of organizationwide policies. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC), pp. 431–440 (2005)

  56. Winston, M., Chaffin, R., Herrmann, D.: A taxonomy of part-whole relations. Cogn. Sci. 11(4), 417–444 (1987)

  57. Yuan, E., Tong, J.: Attributed based access control (ABAC) for Web services. In: Proceedings of the International Conference on Web Services (ICWS), pp. 561–569 (2005)

Author information

Corresponding author

Correspondence to Vahid R. Karimi.

Additional information

A preliminary version of this paper appeared at SECRYPT 2010 [29].

Appendix: REA patterns for policy-level specification

This appendix describes the REA patterns used to represent policies. The REA patterns for policy-level specification are illustrated with a plane and flight scenario in Fig. 24 [20], and the general form of each pattern is shown in Fig. 25 [20]. These two figures are described next.

Fig. 25 Patterns for policy-level specifications

Figures 24 and 25 can be described as follows [20]: the Basic pattern consists of flight, FlightType, and a single typification association between them. A policy is defined by a FlightType attribute: based on the scheduled departure of a FlightType, a policy can state that a flight should take off at a certain time (which can differ from the flight's actual departure time). In these two figures, a typification relationship denotes an "is-a-kind-of" association, whereas a grouping association denotes an "is-a-member-of" association. The top left-hand side of Fig. 25 shows the general form of this example of flight, flight type, and a single typification association.

In Fig. 25, the filled rectangles are "object classes", mainly the agents, resources, and events of REA. The diagram is divided into two levels, policy and operational: the policy level holds type or group elements. Therefore, the resource type (FlightType in this example) is the element (filled rectangle) at the policy level, and the resource (flight) is the element at the operational level. The dotted line between these elements denotes a typification relationship. In this case a policy is defined on a (resource, agent, or event) type, namely a FlightType, which is a resource type; therefore, a gray highlight is placed on that item in the figure.

The Mirror pattern spans PlaneType, FlightType, plane, and flight (i.e., two typification or grouping associations and two other associations). A policy can express which type of plane is to be used for a given type of flight.

In Fig. 25, the Mirror pattern is the middle figure on top and is the general form of this example. The two filled rectangles at the policy level represent flight type and plane type, and the two filled rectangles at the operational level represent flight and plane. One dotted line (a typification) links flight type and flight, and another links plane type and plane. One association that is neither typification nor grouping, drawn as a solid line, links flight type and plane type, and another links flight and plane. A policy is defined on the association between the two types or groups (here, FlightType and PlaneType); therefore, a gray highlight is placed on this relationship.

In the Compromise pattern, a variation of Mirror, one typification or grouping is compromised (dropped): the pattern consists of one typification or grouping and two other associations, one of which is at the policy level. Compromise includes RouteType, CancellationType, and flight; a CancellationType can be defined per RouteType.

In Fig. 25, the Compromise pattern is shown at the top right and is the general form of this example. The policy-level filled rectangles are RouteType and CancellationType, and the one at the operational level is flight. One solid line (an association that is neither typification nor grouping) links CancellationType and flight, and the other links CancellationType and RouteType. The dotted line (a typification) links RouteType and flight. This typification is stratified: it is not between flight and FlightType but one level up, between flight and RouteType. The gray highlight shows the elements used for defining policies.

The Hybrid pattern, another variation of Mirror, includes plane, fleet, and ServiceOperator and consists of one typification or grouping and two other associations, neither of which is at the policy level. This pattern is used when one class has a small number of instances against which the policy is validated (e.g., a list of people who may provide service to a fleet). Operational and policy levels are distinguished in Figs. 24 and 25 either by explicit mention or by a "T" suffix denoting a type.

In Fig. 25, the Hybrid pattern is shown at the bottom left. The filled rectangle at the top level can be a fleet, which represents a group; the filled rectangle underneath, connected to the fleet by a dotted line, can be a plane. The remaining filled rectangle can be a service operator, connected by solid lines (associations that are neither typification nor grouping) to both fleet and plane. The gray highlight shows the elements used for defining policies.

Finally, the Root pattern is defined among plane, PlaneType, and fleet and applies when one operational-level object participates in more than one typification or grouping (e.g., the typification of plane and PlaneType and the grouping of plane and fleet). This pattern consists of two typification or grouping associations and another association at the policy level (e.g., a plane must be of a specific PlaneType to be a member of a fleet).

In Fig. 25, the Root pattern is shown at the bottom right, where the top-level filled rectangles at the policy level can be plane type and fleet, and the bottom-level filled rectangle can be a plane. One dotted line links plane and fleet (a grouping), and another links plane and plane type (a typification). The solid line is an association that is neither typification nor grouping and links plane type and fleet. Again, the gray highlight shows the elements used for defining policies.
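The five patterns above share one enforcement idea: the policy is attached to the type or group at the policy level, and an operational-level instance is checked by following its typification or grouping link upward. The following Python sketch is an added illustration of that idea using the appendix's plane/flight scenario; it is not code from the paper, and the class layout, function names and sample data are assumptions made here for the example.

```python
"""Policy-level vs. operational-level checks for the REA policy patterns.

Added illustration, not the paper's code. The class names follow the
appendix's plane/flight example; the function names and the sample data in
demo() are assumptions constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Optional, Set


# Policy level: types and groups. Every policy is attached here, never to an instance.
@dataclass(frozen=True)
class PlaneType:
    name: str


@dataclass(frozen=True)
class RouteType:
    name: str


@dataclass(frozen=True)
class FlightType:
    name: str
    scheduled_departure: str   # Basic pattern: policy given by a type attribute
    plane_type: PlaneType      # Mirror pattern: association between two types


@dataclass
class Fleet:
    name: str
    plane_type: PlaneType                                      # Root: type <-> group association
    service_operators: Set[str] = field(default_factory=set)   # Hybrid: small allow-list on the group


# Operational level: instances reach the policy level via typification / grouping.
@dataclass
class Plane:
    tail: str
    plane_type: PlaneType          # typification ("is-a-kind-of")
    fleet: Optional[Fleet] = None  # grouping ("is-a-member-of"), set by root_join_fleet


@dataclass
class Flight:
    number: str
    flight_type: FlightType  # typification
    route_type: RouteType    # stratified typification used by the Compromise pattern
    plane: Plane
    actual_departure: str    # may legitimately differ from the scheduled (policy) time


# Compromise pattern: a CancellationType is defined per RouteType; a flight reaches it
# one level up through its RouteType, not through its FlightType.
CANCELLATION_TYPE_BY_ROUTE = {
    RouteType("domestic"): "full-refund",
    RouteType("international"): "travel-credit",
}


def basic_scheduled_departure(flight: Flight) -> str:
    """Basic: the policy value lives on the FlightType, not on the flight instance."""
    return flight.flight_type.scheduled_departure


def mirror_plane_allowed(flight: Flight) -> bool:
    """Mirror: the flight's plane must be of the PlaneType tied to its FlightType."""
    return flight.plane.plane_type == flight.flight_type.plane_type


def compromise_cancellation_type(flight: Flight) -> str:
    """Compromise: look the policy up via the stratified typification (RouteType)."""
    return CANCELLATION_TYPE_BY_ROUTE[flight.route_type]


def hybrid_operator_allowed(plane: Plane, operator: str) -> bool:
    """Hybrid: the allow-list sits on the group (fleet); a plane not in any fleet is denied."""
    return plane.fleet is not None and operator in plane.fleet.service_operators


def root_join_fleet(plane: Plane, fleet: Fleet) -> bool:
    """Root: a plane may join a fleet only if its PlaneType matches the fleet's PlaneType.
    Records the grouping and returns True on success; leaves the plane unchanged otherwise."""
    if plane.plane_type != fleet.plane_type:
        return False
    plane.fleet = fleet
    return True


def demo() -> dict:
    """Constructed sample data (not from the paper); returns each pattern's decision."""
    a320, b777 = PlaneType("A320"), PlaneType("B777")
    short_haul = Fleet("short-haul", a320, {"alice", "bob"})
    p1 = Plane("C-FABC", a320)
    p2 = Plane("C-FXYZ", b777)
    shuttle = FlightType("YYZ-YUL shuttle", "07:00", a320)
    f_ok = Flight("AC401", shuttle, RouteType("domestic"), p1, "07:12")
    f_bad = Flight("AC402", shuttle, RouteType("international"), p2, "07:00")
    return {
        "basic": basic_scheduled_departure(f_ok),
        "mirror_ok": mirror_plane_allowed(f_ok),
        "mirror_bad": mirror_plane_allowed(f_bad),          # B777 on an A320-typed flight
        "compromise_ok": compromise_cancellation_type(f_ok),
        "compromise_bad": compromise_cancellation_type(f_bad),
        "root_ok": root_join_fleet(p1, short_haul),          # A320 joins the A320 fleet
        "root_bad": root_join_fleet(p2, short_haul),         # B777 rejected
        "hybrid_alice": hybrid_operator_allowed(p1, "alice"),
        "hybrid_mallory": hybrid_operator_allowed(p1, "mallory"),
        "hybrid_unfleeted": hybrid_operator_allowed(p2, "alice"),  # no fleet, so denied
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Note the two deliberate deny-by-default paths: `hybrid_operator_allowed` refuses a plane that belongs to no fleet rather than falling back to an empty allow-list that could later be populated, and `root_join_fleet` never records the grouping unless the type check passes, so a later Hybrid check cannot inherit an allow-list through an invalid membership.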

Cite this article

Karimi, V.R., Alencar, P.S.C. & Cowan, D.D. A uniform approach for access control and business models with explicit rule realization. Int. J. Inf. Secur. 15, 145–171 (2016). https://doi.org/10.1007/s10207-015-0275-z
