A Method to Ensure Compliance with Attribute and Role Based Access Control Policy for Executing BPMN Models

摘要

The stringent control of access rights during business processes execution is an important technique to ensure systems security. Business processes are often designed and operated based on models represented by domain-specific languages, such as BPMN. Moreover, access control policies are often studied and specified based on access control models, such as Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC). These security techniques have several challenges that need to be addressed, such as (1) ensuring consistency of RBAC/ABAC policy specifications and (2) ensuring compliance with RBAC/ABAC policies when executing a business process. In this paper, we propose using a metamodeling technique to take advantage of UML and OCL’s expressive power in order to facilitate validation and verification of RBAC/ABAC policies. Within our approach, the RBAC metamodel is extended so that ABAC constraints for complex business rules could be captured and checked. We build a support tool by incorporating Activiti (the support tool for specifying and implementing BPMN models) with USE (UML-based Specification Environment). The proposed method is experimented and evaluated for the process of liquidating the individual teaching contracts of a training management system.