Automatic Generation of XACML Code using Model-Driven Approach

Abstract

Precise specification of security requirements of software systems in general, and access control policies in particular, is a critical issue. The eXtensible Access Control Markup Language (XACML) is a well-known standard for defining access control policies. The problem is that using this language and manual formulation of policies requires technical knowledge and is error prone. To address this challenge, we propose a Domain-Specific Modeling Language (DSML), called Dual-XACML that supports both Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). As the tool support, a graphical editor as well as a transformation engine has been developed in this research. The graphical editor allows the user to create a model of access control policies for the target system. Then, using the transformations, the model is transformed into the corresponding XACML code. To evaluate the proposed approach, the XACML code of a typical system is generated, automatically. © 2021 IEEE.