Title: Feasibility study of software reengineering towards role-based access control

Authors: Han Li; Hongji Yang; Feng Chen; He Guo; Yuansheng Yang

Addresses: School of Computer Science and Technology, Dalian University of Technology, 116023 Dalian, China; Faculty of Technology (FoT), De Montfort University, Leicester, LE1 9BH, UK; Faculty of Technology (FoT), De Montfort University, Leicester, LE1 9BH, UK; School of Software, Dalian University of Technology, Development Area, 116620 Dalian, China; School of Computer Science and Technology, Dalian University of Technology, 116023 Dalian, China

Abstract: Role-Based Access Control (RBAC) is accepted as the most commonly used access control policy; however, it is mainly used during the development of new software systems. In this paper, an approach to reengineering RBAC into legacy systems by applying program transformation is proposed. Wide Spectrum Language (WSL) and MetaWSL are extended. Transformation rules, algorithm and operations for further authorisation management are defined to support access control reorganisation. A case study is demonstrated on a prototype tool FermaT-based Access Control Reorganisation (F-ACR). The result shows that it is a feasible and promising approach to enforcing RBAC in legacy systems.

Keywords: access control policy; RBAC; role-based access control; program transformation; legacy systems; software reengineering.

DOI: 10.1504/IJCAT.2011.045410

International Journal of Computer Applications in Technology, 2011 Vol.42 No.2/3, pp.239 - 251

Published online: 11 Feb 2012
