From access control policies to an Aspect-Based infrastructure: A Metamodel-Based approach

Abstract

Security is among the most successful applications of aspectoriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process? We present a meta model-based transformation from Secure UML, a role-based access control language, to an abstract aspect language. Within this model-driven engineering context, a security policy is represented as an instance of Secure UML's meta model and the generated aspect is represented as an instance of the abstract aspect language metamodel. Invariants specified on the merged metamodel of Secure UML and the abstract aspect language are checked to validate the generated aspect with respect to the given security policy. We have prototyped our approach as a Java application on top of ITP/ OCL, a rewriting-based OCL evaluator. It outputs validated Aspect J code from a Secure UML policy.