Modeling and enforcing access control policies in conversational user interfaces-Reference-Cited by-同舟云学术

Modeling and enforcing access control policies in conversational user interfaces

Published:2023-11-22 Issue:6 Volume:22 Page:1925-1944
ISSN:1619-1366
Container-title:Software and Systems Modeling
language:en
Short-container-title:Softw Syst Model

Author:

Planas Elena^ORCID,Martínez Salvador^ORCID,Brambilla Marco^ORCID,Cabot Jordi^ORCID

Abstract

AbstractConversational user interfaces (CUIs), such as chatbots, are becoming a common component of many software systems. Although they are evolving in many directions (such as advanced language processing features, thanks to new AI-based developments), less attention has been paid to access control and other security concerns associated with CUIs, which may pose a clear risk to the systems they interface with. In this paper, we apply model-driven techniques to model and enforce access-control policies in CUIs. In particular, we present a fully fledged framework to integrate the role-based access-control (RBAC) protocol into CUIs by: (1) modeling a set of access-control rules to specify permissions over the bot resources using a domain-specific language that tailors core RBAC concepts to the CUI domain; and (2) describing a mechanism to show the feasibility of automatically generating the infrastructure to evaluate and enforce the modeled access control policies at runtime.

Funder

Universitat Oberta de Catalunya

Publisher

Springer Science and Business Media LLC

Subject

Modeling and Simulation,Software

Link

https://link.springer.com/content/pdf/10.1007/s10270-023-01131-3.pdf

Reference48 articles.

1. 5200.28-STD, D.: Trusted Computer System Evaluation Criteria. Dod Computer Security Center (1985)

2. Attributed based access control (abac) for web services. In: IEEE International Conference on Web Services (ICWS’05). IEEE (2005)

3. Amato, F., Marrone, S., Moscato, V., Piantadosi, G., Picariello, A., Sansone, C.: Chatbots meet ehealth: automatizing healthcare. In: Workshop on Artificial Intelligence with Application in Health, vol. 1982 (2017)

4. Basin, D., Clavel, M., Egea, M.: A decade of model-driven security. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, pp. 1–10 (2011)

5. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From uml models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15(1), 39–91 (2006)