Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2023;25(1):49-74.
doi: 10.1007/s10009-023-00697-z. Epub 2023 Feb 10.

A technology transfer journey to a model-driven access control system

Martina De Sanctis #  1 Amleto Di Salle #  2 Ludovico Iovino #  1 Maria Teresa Rossi #  1
Affiliations

A technology transfer journey to a model-driven access control system

Martina De Sanctis et al. Int J Softw Tools Technol Transf. 2023.

Abstract

In the model-driven security domain, access control systems provide an application for handling access of persons through controlled gates. A gate, such as a door, can have a lock mechanism for securing the area from unauthorized access. Most commercial solutions for access control management offer pre-packaged software systems where customization of the authorization logic is either not allowed or subject to payment. Moreover, cross-platform development is a barrier for solution providers due to the high cost of development and maintenance that it implies. To overcome these limitations and further optimize the entire access control systems development process, we propose a model-driven approach that supports automatic code generation to enable communication between an IoT infrastructure and platforms for Facility Access Management. Specifically, the approach combines the benefits of Near-Field Communication (NFC) and Tinkerforge (i.e., an open-source hardware platform) with model-driven techniques. This allows the approach to exploit both behavioral and structural models for the modeling and the consequent code generation of part of the authorization mechanism, thus providing complete coverage of the code generated for the whole system. We implemented and evaluated our approach in a real-world case study within the premises of a fitness center with an IoT infrastructure consisting of several heterogeneous sensors by showing its practical applicability. Experimental results demonstrate the effectiveness of our approach in supporting abstraction and automation concerning traditional code-centric development through code generation features. Consequently, our approach makes the whole development process less time-consuming and error-prone, thus reducing the system's time to market.

Keywords: Access control system (ACS); IoT; MDE; Near-field communication (NFC).

PubMed Disclaimer

Figures

Fig. 1
Fig. 1
Layout of the building
Fig. 2
Fig. 2
Picture of the assembled device
Fig. 3
Fig. 3
General overview of the approach
Fig. 4
Fig. 4
Overview of the process
Fig. 5
Fig. 5
Access Control System Metamodel
Fig. 6
Fig. 6
Tinkerforge Metamodel
Fig. 7
Fig. 7
Yakindu statecharts Metamodel
Fig. 8
Fig. 8
Interoperability Weaving Metamodel
Fig. 9
Fig. 9
Interoperability weaving example model
Fig. 10
Fig. 10
Entrance Brick statechart
Fig. 11
Fig. 11
Weaving model used link modeled statecharts with the infrastructure
Fig. 12
Fig. 12
Console log showing the runtime interaction of one of the access control devices in the fitness center premises
See this image and copyright information in PMC

References

    1. Moreno, M.V., Hernández, J.L., Skarmeta, A.F.: A new location-aware authorization mechanism for indoor environments. In: International Conference on Advanced Information Networking and Applications Workshops, pp. 791–796 (2014). IEEE
    1. Lúcio, L., Zhang, Q., Nguyen, P., Amrani, M., Klein, J., Vangheluwe, H., Le Traon, Y. (2014). Advances in Model-Driven Security 93, 103–152 10.1016/B978-0-12-800162-2.00003-8
    1. Nguyen PH, Kramer M, Klein J, Le Traon Y. An extensive systematic review on the model-driven development of secure systems. Inf. Softw. Technol. 2015;68:62–81. doi: 10.1016/j.infsof.2015.08.006. - DOI
    1. Coskun V, Ozdenizci B, Ok K. A survey on near field communication (nfc) technology. Wirel. Pers. Commun. 2013;71(3):2259–2294. doi: 10.1007/s11277-012-0935-5. - DOI
    1. Bravo, J., Hervas, R., Chavira, G., Nava, S.W., Villarreal, V.: From implicit to touching interaction: Rfid and nfc approaches. In: Conference on Human System Interactions, pp. 743–748 (2008)

LinkOut - more resources