A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles: preliminary description and outline
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Determining role rights from use cases
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Formal specification for role based access control user/role and role/role relationship management
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Role and task-based access control in the PerDiS groupware platform
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The Unified Modeling Language user guide
The Unified Modeling Language user guide
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
Flexible team-based access control using contexts
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Supporting Access Control in an Object-Oriented Database Language
EDBT '92 Proceedings of the 3rd International Conference on Extending Database Technology: Advances in Database Technology
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
The rcl 2000 language for specifying role-based authorization constraints
The rcl 2000 language for specifying role-based authorization constraints
Verification of Access Control Coherence in Information System during Modifications
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Modelling Contexts in the Or-BAC Model
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Information Security Fundamentals
Information Security Fundamentals
Role engineering of information system using extended RBAC model
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
Structured Analysis (SA): A Language for Communicating Ideas
IEEE Transactions on Software Engineering
Access control coherence of information systems based on security constraints
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Representation of extended RBAC model using UML language
SOFSEM'05 Proceedings of the 31st international conference on Theory and Practice of Computer Science
Information Security Architecture: An Integrated Approach to Security in the Organization
Information Security Architecture: An Integrated Approach to Security in the Organization
Access Control of Federated Information Systems
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
V-model approach for role engineering
ICCOMP'09 Proceedings of the WSEAES 13th international conference on Computers
A closer look to the V-model approach for role engineering
WSEAS Transactions on Computers
Implementation of access control model for distributed information systems using usage control
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
Role approach in access control development with the usage control concept
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Hi-index | 0.00 |
This paper presents a methodology to design the RBAC (Role-Based Access Control) scheme during the design phase of an Information System. Two actors, the component developer and the security administrator, will cooperate to define and set up the minimal set of roles in agreement with the application constraints and the organization constraints that guarantee the global security policy of an enterprise. In order to maintain the global coherence of the existing access control scheme, an algorithm is proposed to detect the possible inconsistencies before the integration of a new component in the Information System.