International Conference on Computer and Knowledge Engineering

Home / 11th International Conference on Computer and Knowledge Engineering

Automatic Generation of XACML Code using Model-Driven Approach

Authors :

Athareh Fatemian¹ Bahman Zamani² Marzieh Masoumi³ Mehran Kamranpour⁴ Behrouz Tork Ladani⁵ Shekoufeh Kolahdouz Rahimi⁶

1- MDSE Research Group, Faculty of Computer Engineering University of Isfahan 2- MDSE Research Group, Faculty of Computer Engineering University of Isfahan 3- MDSE Research Group, Faculty of Computer Engineering University of Isfahan 4- MDSE Research Group, Faculty of Computer Engineering University of Isfahan 5- MDSE Research Group, Faculty of Computer Engineering University of Isfahan 6- MDSE Research Group, Faculty of Computer Engineering University of Isfahan

Keywords :

Access Control Policies, XACML, ABAC, RBAC, MDE, DSML

Abstract :

Precise specification of security requirements of software systems in general, and access control policies in particular, is a critical issue. The eXtensible Access Control Markup Language (XACML) is a well-known standard for defining access control policies. The problem is that using this language and manual formulation of policies requires technical knowledge and is error prone. To address this challenge, we propose a Domain-Specific Modeling Language (DSML), called Dual-XACML that supports both Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). As the tool support, a graphical editor as well as a transformation engine has been developed in this research. The graphical editor allows the user to create a model of access control policies for the target system. Then, using the transformations, the model is transformed into the corresponding XACML code. To evaluate the proposed approach, the XACML code of a typical system is generated, automatically.