Diploma thesis:

Model-Driven Development of a RBAC-based Policy Decision Engine

Keywords:

• Role-Based Access Control
• Model-Driven Development
• Security Policy Evaluation

Introduction:

Access control is a central security mechanism in IT-systems with integrity or confidentiality requirements. Whenever a user attempts to perform a certain task or attempts to access a certain object it has to be decided, as part of the access control mechanism, whether such a request is granted or denied. These so-called access decisions are made by a software component called policy decision engine. This engine is configured by loading an authorization policy that provides all information and all conditions necessary to come to an access decision.

Role-based access control (RBAC) is an important access control concept that naturally reflects the structure of an organization and is therefore particularly suitable with respect to policy administration. For example, if users change positions they only need to be assigned to the appropriate roles of their new position instead of a direct assignment to the permissions necessary for the new position.

Goal:

The goal of this diploma thesis is to develop a policy decision engine that is based on the role-based access control model. What is special about this is that the development is carried out by using a model-driven development (MDD) approach. Current research results give a promising perspective for using MDD for this purpose. This is basically due to the fact that modern access control requirements have so many facets that they can only be addressed by highly modular and flexible mechanisms.

Gain:

One may expect that such a policy decision engine is able to provide a flexible and modular framework for enforcing various access control principles such as separation of duty and delegation of rights. Thus, the work of this diploma thesis is a first step towards a policy decision engine as it is needed by the authorization infrastructures of today's enterprises.

Tasks:

1. Read up on the subject: acquaint yourself with current model-driven development approaches as well as with access control theory including RBAC.

2. Analysis: analyze how these approaches can be used in order to meet the above mentioned goals.

3. Implementation: carry out the development.

4. Evaluation: evaluate how your results compare to the original goals and motivation as well as collect the drawbacks and benefits of the MDD as they turned out during your work.

5. Documentation and Write-Up: nothing to say here.

Contact:

If you are interested or have any questions, please contact Christopher Alm.

Note: The thesis can be written in German or English.