Towards accuracy of role-based access control configurations in component-based systems

Access control is a common concern in most software applications. In component-based systems, although developers can implement access control requirements (ACRs) by simply declaring role-based access control configurations (ACCs) of components, it is still difficult for them to define and evolve ACCs accurately implementing ACRs due to the gap between the complex high-level ACRs and the voluminous ACCs enforced by underlying middleware platforms, and the ad hoc mistakes of human. This paper introduces and clarifies the concept of accuracy of ACCs relative to ACRs, and presents a set of metrics and algorithms which can be used to automatically evaluate and improve accuracy of ACCs by evaluating and reconfiguring the software architecture with ACCs. We apply our achievements in a composed e-shop application.