rbacDSL - slides from Code Generation 2014
0 likes725 views
My slides from my talk at Code Generation 2014 in Cambridge, UK. rbacDSL is a text-based DSL for writing, verifying and correcting RBAC authorisation policies. It produces standard XACML policies that can be used with any XACML evaluation engine.
![RBAC [Sandhu00]](https://image.slidesharecdn.com/lmontrieux-cg2014-140409101247-phpapp02/85/rbacDSL-slides-from-Code-Generation-2014-5-320.jpg)
![Current (and past) research
Automated model 鍖xing (the whole model) [Montrieux13]
Adaptive access control - automated reaction to inside
threats [Bailey14]
Dynamic access control - in progress](https://image.slidesharecdn.com/lmontrieux-cg2014-140409101247-phpapp02/85/rbacDSL-slides-from-Code-Generation-2014-13-320.jpg)
![References
All publications I co-authored are available on http://oro.open.ac.uk/
view/person/lm25566.html and http://oro.open.ac.uk/view/
person/lmcm5.html
[Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The
NIST model for role-based access control: towards a uni鍖ed standard.
ACM Workshop on Role-Based Access Control 2000:47-63
XACML: eXtensible Access Control Modeling Language - OASIS -
https://www.oasis-open.org/committees/tc_home.php?
wg_abbrev=xacml
Image on slide 6 re-created from http://www.xacml.info
Images on slides 4 and 15 by J. Hardaway](https://image.slidesharecdn.com/lmontrieux-cg2014-140409101247-phpapp02/85/rbacDSL-slides-from-Code-Generation-2014-16-320.jpg)
rbacDSL - slides from Code Generation 2014
- 1. rbacDSL: a DSL for Role-Based Access Control Lionel Montrieux <lionel.montrieux@open.ac.uk> The Open University, Milton Keynes, UK
- 2. Outline Background and overview (15 min.) Building an authorisation policy - live demo (20 min.) Try to think of a good example Bonus points for funny ones Current research and future directions (10 min.)
- 3. Background
- 7. XACML - Policies <PolicySet> <PolicyCombinationAlgorithm/> <Policy> <RuleCombinationAlgorithm/> <Rule effect=Permit|Deny> <Target/> <Condition/> </Rule> </Policy> </PolicySet>
- 8. XACML - Requests <Request> <Subject/> <Resource/> <Action/> <Environment/> </Request>
- 9. How it started rbacUML and rbacDSML OCL constraints model smells 鍖xing incorrect models Rational Software Architect 8.0, UML pro鍖les
- 10. Scenarios? Granted: user should be able to perform a list of actions Forbidden: !Granted User-Role: role should be assigned to at least one user Object-Role: role should allow one to perform a list of actions on objects Object: at least one user should be able to perform an action on an object
- 12. Current research and future directions
- 13. Current (and past) research Automated model 鍖xing (the whole model) [Montrieux13] Adaptive access control - automated reaction to inside threats [Bailey14] Dynamic access control - in progress
- 14. Future directions Attributes and conditions support User-speci鍖c scenarios XACML PAP connectors, LDAP connectors Dynamic access control features Bidirectional graph transformations
- 15. Any questions? email me: lionel.montrieux@open.ac.uk get the tool: https://github.com/lmcmontrieux/rbacDSL
- 16. References All publications I co-authored are available on http://oro.open.ac.uk/ view/person/lm25566.html and http://oro.open.ac.uk/view/ person/lmcm5.html [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The NIST model for role-based access control: towards a uni鍖ed standard. ACM Workshop on Role-Based Access Control 2000:47-63 XACML: eXtensible Access Control Modeling Language - OASIS - https://www.oasis-open.org/committees/tc_home.php? wg_abbrev=xacml Image on slide 6 re-created from http://www.xacml.info Images on slides 4 and 15 by J. Hardaway