Towards Access Control Models for Conversational User Interfaces

  • Conference paper
Enterprise, Business-Process and Information Systems Modeling (BPMDS 2022, EMMSAD 2022)

Abstract

Conversational User Interfaces (CUIs), such as chatbots, are becoming a common component of many software systems and they are evolving in many directions (including advanced features, often powered by AI-based components). However, less attention has been paid to their security aspects, such as access-control, which may pose a clear risk. In this paper, we apply Model-Driven techniques to define more secure CUIs. In particular, we propose a framework to integrate an Access-Control protocol into the CUI specification and implementation through a set of policy rules described using a Domain-Specific Language (DSL) integrated with the core CUI language.

This work has been partially funded by the Spanish government (LOCOSS project - PID2020-114615RB-I00 and BODI project - PDC2021-121404-I00).

Notes

  1. https://github.com/elenaplanas/xatkit-RBACBot

Corresponding author

Correspondence to Elena Planas.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Planas, E., Martínez, S., Brambilla, M., Cabot, J. (2022). Towards Access Control Models for Conversational User Interfaces. In: Augusto, A., Gill, A., Bork, D., Nurcan, S., Reinhartz-Berger, I., Schmidt, R. (eds) Enterprise, Business-Process and Information Systems Modeling. BPMDS EMMSAD 2022 2022. Lecture Notes in Business Information Processing, vol 450. Springer, Cham. https://doi.org/10.1007/978-3-031-07475-2_21

  • DOI: https://doi.org/10.1007/978-3-031-07475-2_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07474-5

  • Online ISBN: 978-3-031-07475-2

  • eBook Packages: Computer Science, Computer Science (R0)
