nach oben

Software and Systems Modeling

Erschienen in:

Open Access 21.11.2017 | Special Section Paper

Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations

verfasst von: Csaba Debreceni, Gábor Bergmann, István Ráth, Dániel Varró

Erschienen in: Software and Systems Modeling | Ausgabe 3/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Large-scale model-driven system engineering projects are carried out collaboratively. Engineering artefacts stored in model repositories are developed in either offline (checkout–modify–commit) or online (GoogleDoc-style) scenarios. Complex systems frequently integrate models and components developed by different teams, vendors and suppliers. Thus, confidentiality and integrity of design artefacts need to be protected in accordance with access control policies. We propose a secure collaborative modelling approach where fine-grained access control for models is strictly enforced by bidirectional model transformations. Collaborators obtain filtered local copies of the model containing only those model elements which they are allowed to read; write access control policies are checked on the server upon submitting model changes. We present a formal collaboration schema which provenly guarantees certain correctness constraints, and its adaption to online scenarios with on-the-fly change propagation and the integration into existing version control systems to support offline scenarios. The approach is illustrated, and its scalability is evaluated using a case study of the MONDO EU project.

Vorheriger Artikel Metamodel specialization for graphical language support

Nächster Artikel Correction to: Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

https://static-content.springer.com/image/art%3A10.1007%2Fs10270-017-0631-8/MediaObjects/10270_2017_631_IEq78_HTML.gif

takes care of the containment reference between \(sN_G\) and ctrl3.

Similarly,

https://static-content.springer.com/image/art%3A10.1007%2Fs10270-017-0631-8/MediaObjects/10270_2017_631_Figp_HTML.gif

will handle the removal of the previous attribute asset \(\textit{AttributeAsset}(s1_F,frequency,30)\) before the addition.

Note that we make a distinction between a user having no access to a model at all, and a user having access to the model, but nothing is readable in it.

The complete formal specification is available at: http://goo.gl/pJzIX1.

Source codes and more details are at https://tinyurl.com/sosym-access-control-source.

EMF and RAP integration: https://wiki.eclipse.org/RAP/EMF_Integration.

Raw data and reproduction instructions at https://tinyurl.com/sosym-access-control.

CPU: Intel Core i7-4700MQ@2.40GHz, MEM: 8GB.

Aerospace Vehicle Systems Institute. SAVI Research Project. http://savi.avsi.aero/

Apache. Subversion. 07 (2017)

Axellience. GenMyModel. http://www.genmymodel.com

Bagnato, A., Brosse, E., Sadovykh, A., Maló, P., Trujillo, S., Mendialdua, X., De Carlos, X.: Flexible and scalable modelling in the mondo project: Industrial case studies. In: XM@ MoDELS, pp. 42–51 (2014)

Bancilhon, F., Spyratos, N.: Update semantics of relational views. ACM Trans. Database Syst. 6(4), 557–575 (1981)CrossRefMATH

Basciani, F., Rocco, J.D., Ruscio, D.D., Salle, A.D., Iovino, L., Pierantonio, A.: MDEForge: an extensible web-based modeling platform. In: CloudMDE@MoDELS (2014)

Bergmann, G., Dávid, I., Hegedüs, Á., Horváth, Á., Ráth, I., Ujhelyi, Z., Varró, D.: VIATRA 3: a reactive model transformation platform. In: International Conference on Theory and Practice of Model Transformations, pp. 101–110. Springer (2015)

Bergmann, G., Debreceni, C., Ráth, I., Varró, D.: Query-based access control for secure collaborative modeling using bidirectional transformations. In: ACM/IEEE 19th International Conference on MODELS (2016)

Bergmann, G., Debreceni, C., Ráth, I., Varró, D.: Towards efficient evaluation of rule-based permissions for fine-grained access control in collaborative modeling. In: 2nd International Workshop on Collaborative Modelling in MDE, Austin Texas, USA. ACM (in press)

10.

Blaze, M., Keromytis, A.D.: The keynote trust-management system version 2 (1999)

11.

Breu, R., Popp, G., Alam, M.: Model based development of access policies. Int. J. Softw. Tools Technol. Transf. 9(5), 457–470 (2007)CrossRef

12.

CAESAR Research Project. http://store.sae.org/caesar/

13.

Chechik, M., Dalpiaz, F., Debreceni, C., Horkoff, J., Ráth, I., Salay, R., Varró, D.: Property-based methods for collaborative model development. In: Joint Proceedings of the 3rd International Workshop on the Glob. of Modeling Lang. and the 9th International Workshop on Multi-Paradigm Modeling. Citeseer, pp. 1–7 (2015)

14.

Clasen, C., Jouault, F., Cabot, J.: VirtualEMF: A model virtualization tool. In: Advances in Conceptual Modeling. Recent Developments and New Directions, pp. 332–335 (2011)

15.

Conner, N.: Google Apps: The Missing Manual: The Missing Manual. O’Reilly Media Inc, Sebastopol (2008)

16.

Czarnecki, K., Helsen, S.: Feature-based survey of model transformation approaches. IBM Syst. J. 45(3), 621–645 (2006)CrossRef

17.

DARPA VehicleFORGE, P.U.: TrustForge: Flexible Access Control for VehicleForge.mil Collaborative Environment, (2012)

18.

Debreceni, C., Bergmann, G., Ráth, I., Varró, D.: Deriving effective permissions for modeling artifacts from fine-grained access control rules. In: 1st International Workshop on Collaborative Modelling in MDE, Saint Malo, France. ACM (2016)

19.

Debreceni, C., Ráth, I., Varró, D., De Carlos, X., Mendialdua, X., Trujillo, S.: Automated model merge by design space exploration. In: International Conference on Fundamental Approaches to Software Engineering. Springer, pp. 104–121 (2016)

20.

Dietzold, S., Auer. S., S.: Access control on RDF triple stores from a semantic wiki perspective. In: Scripting for the Semantic Web Workshop at 3rd European Semantic Web Conference (ESWC) (2006)

21.

Diskin, Z.: Algebraic models for bidirectional model synchronization. In: MoDELS, pp. 21–36 (2008)

22.

Ehrig, H., Ehrig, K., Prange, U., Taentzer, G.: Fundamentals of Algebraic Graph Transformation (Monographs in Theoretical Computer Science. An EATCS Series). Springer, New York (2006)

23.

Farwick, M., Agreiter, B., White, J., Forster, S., Lanzanasto, N., Breu, R.: A web-based collaborative metamodeling environment with secure remote model access. In: Web Engineering, 10th International Conference, ICWE 2010, Vienna, Austria, July 5–9, 2010. Proceedings, Volume 6189 of LNCS, pp. 278–291. Springer (2010)

24.

Fogel, K.F., Bar, M.: Open Source Development with CVS. Coriolis Group Books, London (2001)

25.

Foster, J.N., Pierce, B.C., Zdancewic, S.: Updatable security views. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, CSF’09, pp. 60–74. IEEE Computer Society, Washington (2009)

26.

Franz, I.: AllegroGraph. http://franz.com/agraph/allegrograph/doc/security.html

27.

Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: 9th ACM Symposium on Access Control Models and Technologies, pp. 61–69 (2004)

28.

Gallardo, J., Bravo, C., Redondo, M.A.: A model-driven development method for collaborative modeling tools. J. Netw. Comput. Appl. 35(3), 1086–1105 (2012)CrossRef

29.

Garlik. 4store. http://4store.org/trac/wiki/GraphAccessControl

30.

Gibson-Robinson, T., Armstrong, P., Boulgakov, A., Roscoe, A.: FDR3—A Modern Refinement Checker for CSP. In: Ábrahám, E., Havelund, K. (eds.) Tools and Algorithms for the Construction and Analysis of Systems, Volume 8413 of Lecture Notes in Computer Science, pp. 187–201 (2014)

31.

Godik, S., Moses, T. (eds.). eXtensible access control markup language (XACML) version 1.0. 02 (2003)

32.

International Organization for Standardization. ISO 16739:2013: Industry Foundation Classes (IFC) for data sharing in the construction and facility management industries (2013)

33.

Jaeschke, R.: Encrypting C source for distribution. J. C Lang. Transl. 2(1), 71–80 (1990)MathSciNet

34.

Jürjens, J.: Model-based run-time checking of security permissions using guarded objects. In: Leucker, M. (ed.) Proceedings of the 8th International Workshop on Runtime Verification, Volume 5289 of LNCS, pp. 36–50. Springer, Budapest (2008)

35.

Lucio, L., Zhang, Q., Nguyen, P.H., Amrani, M., Klein, J., Vangheluwe, H., Traon, Y.L.: Advances in model-driven security. Adv. Comput. 93, 103–152 (2014)CrossRef

36.

Maroti, M., et al.: Next generation (meta)modeling: web- and cloud-based collaborative tool infrastructure. In: 8th Multi-Paradigm Modeling Workshop, Valencia, Spain (2014)

37.

Martínez, S., García, J., Cabot, J.: Runtime support for rule-based access-control evaluation through model-transformation. In: Proceedings of the 2016 ACM SIGPLAN International Conference on Software Language Engineering, pp. 57–69. ACM (2016)

38.

Montrieux, L., Hu, Z.: Towards attribute-based authorisation for bidirectional programming. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, SACMAT’15, pp. 185–196. ACM, New York (2015)

39.

Obeo. Obeo designer team. https://www.obeodesigner.com/en/collaborative-features

40.

OMG Object Constraint Language. http://www.omg.org/spec/OCL/ (2014)

41.

Oracle. Database Semantic Technologies. http://docs.oracle.com/cd/E11882_01/appdev.112/e11828/fine_grained_acc.htm

42.

Papakonstantinou, V., Michou, M., Fundulaki, I. Flouris, G., Antoniou, G.: Access control for RDF graphs using abstract models. In: 17th ACM Symposium on Access Control Models and Technologies, SACMAT’12, Newark, NJ, USA, June 20–22, 2012, pp. 103–112. ACM (2012)

43.

Rocco, J.D., Ruscio, D.D., Iovino, L., Pierantonio, A.: Collaborative repositories in model-driven engineering [software technology]. IEEE Softw. 32(3), 28–34 (2015)CrossRef

44.

Roscoe, A.W.: Understanding Concurrent Systems. Springer, Berlin (2010)CrossRefMATH

45.

Roscoe, B.: The theory and practice of concurrency (1998)

46.

Stevens, P.: Bidirectional model transformations in QVT: semantic issues and open questions. Softw. Syst. Model. 9(1), 7–20 (2008)MathSciNetCrossRef

47.

Syriani, E., Vangheluwe, H., Mannadiar, R., Hansen, C., Mierlo, V., Ergin, H.: AToMPM: A Web-based Modeling Environment. MODELS 2013 Demonstrations Track (2013)

48.

The Cambridge Dictionary. http://dictionary.cambridge.org/dictionary/english/obfuscate (2017)

49.

The Eclipse Foundation. CDO. http://www.eclipse.org/cdo

50.

The Eclipse Foundation. EMFStore. http://www.eclipse.org/emfstore

51.

The Eclipse Foundation. RAP. http://www.eclipse.org/rap/

52.

The Eclipse Project. Eclipse Modeling Framework. http://www.eclipse.org/emf/

53.

Tolvanen, J.: MetaEdit+: Domain-specific modeling and product generation environment. In: 11th International Conference on Software Product Lines, SPLC 2007, Kyoto, Japan, pp. 145–146 (2007)

54.

Varró, D., Bergmann, G., Hegedüs, Á., Horváth, Á., Ráth, I., Ujhelyi, Z.: Road to a reactive and incremental model transformation platform: three generations of the viatra framework. Softw. Syst. Model. 15(3), 609–629 (2016). 05/2016CrossRef

55.

Whittle, J., Hutchinson, J.E., Rouncefield, M.: The state of practice in model-driven engineering. IEEE Softw. 31(3), 79–85 (2014)CrossRef

Titel: Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations
verfasst von: Csaba Debreceni
Gábor Bergmann
István Ráth
Dániel Varró
Publikationsdatum: 21.11.2017
Verlag: Springer Berlin Heidelberg
Erschienen in: Software and Systems Modeling / Ausgabe 3/2019
Print ISSN: 1619-1366
Elektronische ISSN: 1619-1374
DOI: https://doi.org/10.1007/s10270-017-0631-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 3/2019

An experiment in model-driven conceptual database design

Advanced prefetching and caching of models with PrefetchML

Handling index-out-of-bounds in safety-critical embedded C code using model-based development

A model-driven framework for developing multi-agent systems in emergency response environments

Hybrid co-simulation: it’s about time

Editorial to the theme section on model-based design of cyber-physical systems