SymboleoAC: An Access Control Model for Legal Contracts / Alfuhaid, Sofana; Ahmed Anda, Amal; Amyot, Daniel; Roveri, Marco; Mylopoulos, John. - 538:(2025), pp. 227-243. (Paper presented at the 17th IFIP 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM 2024, held in Stockholm, Sweden, in 2024) [10.1007/978-3-031-77908-4_14].
SymboleoAC: An Access Control Model for Legal Contracts
Marco Roveri; John Mylopoulos
2025-01-01
Abstract
Legal contracts have served as the bedrock of business transactions for millennia. Many are now automated through the use of smart contracts, supported by blockchain and IoT technologies. However, automation poses security challenges as to who should have access to operate on contract elements. This paper proposes a role-based access control model, treating all contract elements as resources and ensuring regulated access by designated parties. The access control model extends the Symboleo specification language for legal contracts with new modeling concepts inspired by Role-Based Access Control (RBAC), tailored for the legal contract domain, resulting in SymboleoAC. Specifically, we: (i) model a set of access control concepts, including resource, access rule, and access policy, thereby extending the Symboleo ontology, (ii) define controller rules that specify who can authorize access to each resource, and (iii) present pre-authorization rules that specify who has access to what. Our contributions include an access control model for legal contracts, an extension of the Symboleo language with pre-authorization access rules, as well as a tool that generates smart contract code for Hyperledger Fabric (in JavaScript, from SymboleoAC) that is compliant with access policies and access rules.

File | Access | Type | License | Size | Format |
---|---|---|---|---|---|
POEM2024_SymboleoAC.pdf | Archive managers only | Publisher's layout | All rights reserved | 818.15 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.