A Graphical Framework for the Category-Based Metamodel for Access Control and Obligations
This work addresses the need for better tools to manage dynamic obligations in access control systems, particularly for security and policy modeling, but it appears incremental as it builds on existing CBAC and CBACO models.
The authors tackled the problem of visualizing and analyzing obligations in access control policies by designing a graph-based framework for the CBACO model, which extends the category-based metamodel to include obligations and allows for dynamic system behavior through implementation in the PORGY graph-rewriting tool.
We design a graph-based framework for the visualisation and analysis of obligations in access control policies. We consider obligation policies in CBACO, the category-based access control model, which has been shown to subsume many of the most well known access control such as MAC, DAC, RBAC. CBACO is an extension of the CBAC metamodel that deals with obligations. We describe the implementation of the proposed model in PORGY, a strategy driven graph-rewriting tool, based on the theory of port-graphs. CBACO policies allow for dynamic behavior in the modelled systems, which is implemented using the strategy language of PORGY.