Challenges in Modeling Evolving Access Control Policies using Feature Modeling

With the growth of Enterprises and organizations, the paper-based systems are replaced with software systems. These software systems are built to support a multitude of users with a variety of roles accessing the resources from anywhere and at any time. These operations are regulated through proper definition of Access control policies (Permissions); this plays a major role in protecting the system and its resources. Initially the software developers focused solely on the customer's requirements without concentrating on access control policies [1]. The later inclusion of them in the software system always created problems that resulted in financial loss, data loss and integrity loss of critical systems [2]. The significance of the Access control policies has made the researchers to recommend its adoption in the early phases of the software development. Unlike olden days, today's business processes are evolving day by day. The Access control policies also continually evolve to meet the organization's business needs and customer's interest. This issue is serious because if the evolving Access control policies are not handled properly, the system is continuously vulnerable to data loss, financial loss and integrity loss. The existing works in the literature rarely address the approaches for handling the evolving Access control policies [3]. New abstraction and approaches are needed to represent such policies specific during the software design. This paper discusses research directions that could result in approaches for handling the evolving access control policies in the design phase. This should also ensure the early inclusion of the access control policies at design phase.