UML/OCL based Design and Analysis of Role-Based Access Control Policies

Access control plays an important part in IT systems these days. Specifically Role-Based Access Control (RBAC) has been widely adopted in practice. One of the major challenges within the introduction of RBAC into an organization is the policy definition. Modeling technologies provide support by allowing to design and to validate a policy. In this work we apply a UML and OCL based domain-specific language (DSL) to design and to analyze the access control of the conference management system EasyChair. For the first time EasyChair is formally described in connection with RBAC. Our activities are located on three levels: (a) the re-engineering of the system’s access control policy is located at the policy level, (b) the framework level summarizes activities concerning the RBAC metamodel (e.g. enhancements), and (c) at the configuration level, we configure a concrete policy using the conference management system options. As a result, both a DSL developed in previous work is checked for the need of enhancements, and the re-enginered EasyChair access control policy is analyzed. For validation purposes a frequently used UML/OCL validation tool is utilized.