A Graphical Framework for the Category-Based Metamodel for Access Control and Obligations

We design a graph-based framework for the visualisation and analysis of obligations in access control policies. We consider obligation policies in CBACO, the category-based access control model, which has been shown to subsume many of the most well known access control such as MAC, DAC, RBAC. CBACO is an extension of the CBAC metamodel that deals with obligations. We describe the implementation of the proposed model in PORGY, a strategy driven graph-rewriting tool, based on the theory of port-graphs. CBACO policies allow for dynamic behavior in the modelled systems, which is implemented using the strategy language of PORGY.