Dynamic Role-Based Access Control Scenarios for Smart Contracts: Graph Rewriting for Testing Domain-specific Models

By: Issam Al-Azzoni, Reiko Heckel, Zobia Erum

Abstract

Domain-specific languages (DSLs) express requirements or designs through visual abstractions. To support complex development tasks such as code generation, testing and analysis, DSLs need semantic foundations. This paper introduces such a semantic framework for DSLs based on graph rewriting. We apply our framework to a DSL for defining multi-party dynamic role-based access control policies for smart contracts. Role-based access control models (RBACMs) express constraints on who can access which resources. Dynamic RBACMs allow a dynamic role membership. Access control policies, in particular for smart contracts, can involve multiple parties such as members of different groups or organisations, combining complex logical and dynamic constraints, and hence are hard to design, understand, validate and test at code level. Our diagrammatic notation supports complex authorisation patterns, including alternatives and multiplicities, to address nuanced access control requirements. Defining the operational semantics for RBACMs by graph rewriting, we let the Groove model checker produce traces for actions where access is granted or denied and generate tests for smart contracts in the Digital Asset Modelling Language (DAML). We validate dynamic access control scenarios generated by ChatGPT for use as test cases or advising users at runtime. Such scenarios represent business workflows interleaved with operations to add or remove role members. They are expressed as Groove control programs and are also verified by its model checker.

Keywords

Smart Contracts, DAML, Multi-party Role-based Access Control, Domain-specific Languages, Graph Rewriting, Groove, Model-based Testing, Scenario Validation.

Cite as:

Issam Al-Azzoni, Reiko Heckel, Zobia Erum, “Dynamic Role-Based Access Control Scenarios for Smart Contracts: Graph Rewriting for Testing Domain-specific Models”, Journal of Object Technology, Volume 24, no. 2 (May 2025), pp. 2:1-15, doi:10.5381/jot.2025.24.2.a4.