A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
SecurOntology: A semantic web access control framework
Computer Standards & Interfaces
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
A conceptual meta-model for secured information systems
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
In this paper we present a novel approach for the specification of user rights in the context of an object oriented use case driven development process. Basically, we extend the specification of methods by a permission section describing the right of some actor to call the method of an object. Our approach is both role based and context based while allowing for permissions to be specified at a fine-grained data-dependent level. We use first-order logic with a built-in notion of objects and classes (provided with an algebraic semantics) as our syntactic and semantic framework. In the second part of the paper, we demonstrate the application of this approach in a model-based context to generate permissions in distributed peer-to-peer networks.