Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations

Debreceni, Csaba; Bergmann, Gábor; Ráth, István; Varró, Dániel

doi:10.1007/s10270-017-0631-8

Cited by 10 publications

(13 citation statements)

References 25 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Erroneous access control settings can have a critical impact [27], due to export control regulations, the high business value of intellectual property (IP) contained in the models, and the importance of adherence to change request procedures. However, in practice, it may be difficult to properly implement access control policies based on informal security requirements (see examples in [8,18,23]) and the interactions or conflicts between different access rules or requirements may not be well thought-out. An example access rule may grant certain specialists full access to subsystems they own, as well as the contents of such subsystems.…”

Section: Motivation: Testing Model-based Access Control Policiesmentioning

confidence: 99%

“…In our experiments, we rely on the policy language of the MONDO Collaboration Framework [18], which is (i) fine-grained in the sense that each model element is assigned its own set of permissions; and (ii) rule-based with single rules granting or denying permissions for many elements in a model (selected according to an expressive graph query / predicate, see Sect. 2.3).…”

Section: Motivation: Testing Model-based Access Control Policiesmentioning

confidence: 99%

“…This paper extends previous work [50] by incorporating novel distance metrics, a new complex case study, and a substantially extended experimental evaluation (with new research questions, model generators and a new case study). Finally, as a by-product, we also provide a reusable mutation generator (following ideas in [10,35]) for a model-based access control policy language [18].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Diversity of graph models and graph generators in mutation testing

Semeráth

Farkas

Bergmann

et al. 2019

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

When custom modeling tools are used for designing complex safety-critical systems (e.g., critical cyber-physical systems), the tools themselves need to be validated by systematic testing to prevent tool-specific bugs reaching the system. Testing of such modeling tools relies upon an automatically generated set of models as a test suite. While many software testing practices recommend that this test suite should be diverse, model diversity has not been studied systematically for graph models. In the paper, we propose different diversity metrics for models by generalizing and exploiting neighborhood and predicate shapes as abstraction. We evaluate such shape-based diversity metrics using various distance functions in the context of mutation testing of graph constraints and access policies for two separate industrial DSLs. Furthermore, we evaluate the quality (i.e., bug detection capability) of different (random and consistent) model generation techniques for mutation testing purposes.

show abstract

Section: Motivation: Testing Model-based Access Control Policiesmentioning

confidence: 99%

Section: Motivation: Testing Model-based Access Control Policiesmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Diversity of graph models and graph generators in mutation testing

Semeráth

Farkas

Bergmann

et al. 2019

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, they offer access control with very specific limitations, at least by default. More sophisticated access control solutions exist [9], but the interactions of multiple views are poorly studied, despite the potential for unintended side effects. We believe that a significant reason for the lack of satisfying solutions is that the underlying mathematics is not sufficiently understood at this point, making it difficult to engineer collaboration platforms that work both correctly and predictably, while still keeping a large degree of freedom in the kind of access control policies that can be applied.…”

Section: Motivation: Collaborative Engineering With Access Controlmentioning

confidence: 99%

Controllable and decomposable multidirectional synchronizations

Bergmann

2021

Softw Syst Model

Self Cite

View full text Add to dashboard Cite

Studying large-scale collaborative systems engineering projects across teams with differing intellectual property clearances, or healthcare solutions where sensitive patient data needs to be partially shared, or similar multi-user information systems over databases, all boils down to a common mathematical framework. Updateable views (lenses) and more generally bidirectional transformations are abstractions to study the challenge of exchanging information between participants with different read access privileges. The view provided to each participant must be different due to access control or other limitations, yet also consistent in a certain sense, to enable collaboration towards common goals. A collaboration system must apply bidirectional synchronization to ensure that after a participant modifies their view, the views of other participants are updated so that they are consistent again. While bidirectional transformations (synchronizations) have been extensively studied, there are new challenges that are unique to the multidirectional case. If complex consistency constraints have to be maintained, synchronizations that work fine in isolation may not compose well. We demonstrate and characterize a failure mode of the emergent behaviour, where a consistency restoration mechanism undoes the work of other participants. On the other end of the spectrum, we study the case where synchronizations work especially well together: we characterize very well-behaved multidirectional transformations, a non-trivial generalization from the bidirectional case. For the former challenge, we introduce a novel concept of controllability, while for the latter one, we propose a novel formal notion of faithful decomposition. Additionally, the paper proposes several novel properties of multidirectional transformations.

show abstract

“…The central component of the MONDO Collaboration Framework is the MONDO Collaboration Server [10], which enforces fine-grained access control during both offline and online collaborative modeling. The server provides secure views with precisely defined model access to each collaborator, synchronized with each other by bidirectional model transformations [25]. In particular, a transformation applies read access restrictions to present a filtered view to a user, while a separate transformation merges changes proposed by a user into the unfiltered model (if write access restrictions allow); both transformations are automatically derived from the declared access control policy.…”

Section: Architectural Overviewmentioning

confidence: 99%

Scalable modeling technologies in the wild: an experience report on wind turbines control applications development

et al. 2020

Self Cite

View full text Add to dashboard Cite

Scalability in modeling has many facets, including the ability to build larger models and domain specific languages (DSLs) efficiently. With the aim of tackling some of the most prominent scalability challenges in Model-Based Engineering (MBE), the MONDO EU project developed the theoretical foundations and open-source implementation of a platform for scalable modeling and model management. The platform includes facilities for building large graphical DSLs, for splitting large models into sets of smaller interrelated fragments, to index large collections of models to speed-up their querying, and to enable the collaborative construction and refinement of complex models, among other features. This paper reports on the tools provided by MONDO that Ikerlan, a medium-sized technology center which in the last decade has embraced the MBE paradigm, adopted in order to

show abstract

Enforcing fine-grained access control for secure collaborative modelling using bidirectional transformations

Cited by 10 publications

References 25 publications

Diversity of graph models and graph generators in mutation testing

Diversity of graph models and graph generators in mutation testing

Controllable and decomposable multidirectional synchronizations

Scalable modeling technologies in the wild: an experience report on wind turbines control applications development

Contact Info

Product

Resources

About