rbacDSL: a DSL for Role-Based Access Control
Lionel Montrieux <lionel.montrieux@open.ac.uk>

The Open University, Milton Keynes, UK
Outline
• Background and overview (15 min.)
• Building an authorisation policy - live demo (20 min.)
  • Try to think of a good example
  • Bonus points for funny ones
• Current research and future directions (10 min.)
Background
Authentication, Authorisation
RBAC [Sandhu00]
XACML architecture
XACML - Policies
• <PolicySet>
    <PolicyCombinationAlgorithm/>
    <Policy>
      <RuleCombinationAlgorithm/>
      <Rule effect="Permit|Deny">
        <Target/>
        <Condition/>
      </Rule>
    </Policy>
  </PolicySet>
XACML - Requests
• <Request>
    <Subject/>
    <Resource/>
    <Action/>
    <Environment/>
  </Request>
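The PolicySet/Policy/Rule and Request skeletons above, turned into a runnable miniature evaluator. This is an added example, not code from the slides or from rbacDSL: the attribute names, the three combining algorithms and the clinic policy are constructed, and XACML's Indeterminate result, obligations and attribute categories are deliberately left out.

```python
from dataclasses import dataclass, field

@dataclass
class Request:                      # the four parts of the <Request> skeleton above
    subject: dict
    resource: dict
    action: dict
    environment: dict = field(default_factory=dict)

@dataclass
class Rule:
    effect: str                                   # "Permit" | "Deny"
    target: dict = field(default_factory=dict)    # e.g. {"subject": {"role": "nurse"}}
    condition: object = None                      # optional predicate Request -> bool
    def evaluate(self, req):
        # <Target/>: every listed attribute must match the corresponding request part
        for part, attrs in self.target.items():
            if any(getattr(req, part).get(k) != v for k, v in attrs.items()):
                return "NotApplicable"
        # <Condition/>: arbitrary predicate over the whole request, environment included
        if self.condition is not None and not self.condition(req):
            return "NotApplicable"
        return self.effect

def combine(algorithm, decisions):
    # Rule- and policy-combining algorithms have one shape: fold a list of decisions
    ds = list(decisions)
    if algorithm == "deny-overrides":
        return "Deny" if "Deny" in ds else "Permit" if "Permit" in ds else "NotApplicable"
    if algorithm == "permit-overrides":
        return "Permit" if "Permit" in ds else "Deny" if "Deny" in ds else "NotApplicable"
    if algorithm == "first-applicable":
        return next((d for d in ds if d != "NotApplicable"), "NotApplicable")
    raise ValueError(f"unknown combining algorithm: {algorithm}")

@dataclass
class Policy:
    combining: str       # <RuleCombinationAlgorithm/> (or <PolicyCombinationAlgorithm/>)
    children: list       # Rules for a <Policy>, Policies for a <PolicySet>
    def evaluate(self, req):
        return combine(self.combining, (c.evaluate(req) for c in self.children))
PolicySet = Policy       # same shape one level up

# Constructed policy: nurses may read charts, but any read outside 08:00-18:00 is denied
CLINIC = PolicySet("deny-overrides", [Policy("deny-overrides", [
    Rule("Permit", target={"subject": {"role": "nurse"}, "resource": {"type": "chart"},
                           "action": {"id": "read"}}),
    Rule("Deny", target={"action": {"id": "read"}},
         condition=lambda r: not 8 <= r.environment.get("hour", 0) < 18),
])])
```

Swapping the inner policy's algorithm to "permit-overrides" lets the nurse's Permit win at night, which is the kind of silent behaviour change a combining algorithm introduces.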
How it started
• rbacUML and rbacDSML
• OCL constraints
• “model smells”
• fixing incorrect models
• Rational Software Architect 8.0, UML profiles
Scenarios?
• Granted: user should be able to perform a list of actions
• Forbidden: !Granted
• User-Role: role should be assigned to at least one user
• Object-Role: role should allow one to perform a list of actions on objects
• Object: at least one user should be able to perform an action on an object
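An added example (not rbacDSL's own code) that encodes the five scenario kinds above as checks over a small hierarchical RBAC model; the users, roles and permissions are constructed, and a check that returns False is the kind of "model smell" the earlier slide refers to.

```python
from dataclasses import dataclass, field

@dataclass
class RbacModel:
    users: set
    user_roles: dict        # user -> set of roles assigned to that user
    role_perms: dict        # role -> set of (action, object) pairs the role permits
    role_hierarchy: dict = field(default_factory=dict)  # senior role -> junior roles it inherits

    def perms_of_role(self, role, seen=frozenset()):
        # Hierarchical RBAC: a senior role inherits the permissions of its junior roles
        if role in seen:                     # guards against a cycle in the hierarchy
            return set()
        perms = set(self.role_perms.get(role, ()))
        for junior in self.role_hierarchy.get(role, ()):
            perms |= self.perms_of_role(junior, seen | {role})
        return perms

    def perms_of_user(self, user):
        return set().union(*(self.perms_of_role(r) for r in self.user_roles.get(user, ())))

    # One checker per scenario kind on the slide; True means the model satisfies it
    def granted(self, user, actions):       # user can perform every listed (action, object)
        return set(actions) <= self.perms_of_user(user)
    def forbidden(self, user, actions):     # the slide's "!Granted"
        return not self.granted(user, actions)
    def user_role(self, role):              # role is assigned to at least one user
        return any(role in rs for rs in self.user_roles.values())
    def object_role(self, role, actions):   # role allows every listed (action, object)
        return set(actions) <= self.perms_of_role(role)
    def object(self, action, obj):          # at least one user can perform action on obj
        return any((action, obj) in self.perms_of_user(u) for u in self.users)

def demo_model():
    # Constructed toy model (not from the slides): a small clinic
    return RbacModel(users={"alice", "bob"}, user_roles={"alice": {"doctor"}, "bob": {"nurse"}},
                     role_perms={"nurse": {("read", "chart")}, "doctor": {("write", "prescription")},
                                 "auditor": {("read", "auditlog")}},
                     role_hierarchy={"doctor": {"nurse"}})  # doctor inherits what a nurse may do

def check_all(m):
    # A False entry is a "model smell": a scenario the policy fails to satisfy
    return {"granted": m.granted("alice", [("read", "chart"), ("write", "prescription")]),
            "forbidden": m.forbidden("bob", [("write", "prescription")]),
            "user_role": m.user_role("auditor"),          # False: nobody holds the auditor role
            "object_role": m.object_role("nurse", [("read", "chart")]),
            "object": m.object("read", "auditlog")}       # False: nobody can read the audit log
```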
Demo time! https://github.com/lmcmontrieux/rbacDSL
Current research and future directions
Current (and past) research
• Automated model fixing (the whole model) [Montrieux13]
• Adaptive access control - automated reaction to inside threats [Bailey14]
• Dynamic access control - in progress
Future directions
• Attributes and conditions support
• User-specific scenarios
• XACML PAP connectors, LDAP connectors
• Dynamic access control features
• Bidirectional graph transformations
Any questions? email me: lionel.montrieux@open.ac.uk

get the tool: https://github.com/lmcmontrieux/rbacDSL
References
• All publications I co-authored are available on http://oro.open.ac.uk/view/person/lm25566.html and http://oro.open.ac.uk/view/person/lmcm5.html
• [Sandhu00] Ravi S. Sandhu, David F. Ferraiolo, D. Richard Kuhn: The NIST model for role-based access control: towards a unified standard. ACM Workshop on Role-Based Access Control 2000:47-63
• XACML: eXtensible Access Control Markup Language - OASIS - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
• Image on slide 6 re-created from http://www.xacml.info
• Images on slides 4 and 15 by J. Hardaway
rbacDSL - slides from Code Generation 2014