Model driven security: unification of authorization models for fine-grain access control

The research vision of the Unified Component Meta Model Framework (Uniframe) is to develop infrastructure for components that enables a plug and play component environment where the security contracts are a part of the component description and the security aware middleware is generated by the component integration toolkits. That is, the component providers will define security contracts in addition to the functional contracts. These security contracts will be used to analyze the ability of a service to meet the security constraints when used in a composition of components. A difficulty in progressing the security related aspects of this infrastructure is the lack of a unified access control model that can be leveraged to identify protected resources and access control points at the model level. Existing component technologies utilize various mechanisms for specifying security constraints. This paper will explore issues related to expressing access control requirements of components and the resources they manage. It proposes a platform independent model (PIM) for the access control that can be leveraged to parameterize domain models. It also outlines the analysis necessary to progress a standard transformation from this PIM to three existing platform specific models (PSMs).