Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
Role-Based Access Control Models
Computer
Secure computing: threats and safeguards
Secure computing: threats and safeguards
Pattern-oriented software architecture: a system of patterns
Pattern-oriented software architecture: a system of patterns
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Computer security
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
An authorization model for a shared data base
SIGMOD '75 Proceedings of the 1975 ACM SIGMOD international conference on Management of data
A role-based delegation framework for healthcare information systems
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Database Security and Integrity
Database Security and Integrity
Access control: principles and solutions
Software—Practice & Experience - Special issue: Security software
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Framework for Multiple Authorization Types in a Healthcare Application System
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Security Patterns: Integrating Security and Systems Engineering
Security Patterns: Integrating Security and Systems Engineering
A Pattern Language for Identity Management
ICCGI '07 Proceedings of the International Multi-Conference on Computing in the Global Information Technology
Patterns for session-based access control
Proceedings of the 2006 conference on Pattern languages of programs
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Towards a comprehensive framework for secure systems development
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Policies, models, and languages for access control
DNIS'05 Proceedings of the 4th international conference on Databases in Networked Information Systems
The OPL Access Control Policy Language
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Proceedings of the first ACM conference on Data and application security and privacy
Applicability of security patterns
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
| Hi-index | 0.00 |
Access control is a fundamental aspect of security. There are many variations of the basic access control models and it is confusing for a software developer to select an appropriate model for her application. The result in practice is that only basic models are used and the power of more advanced models is thus lost. We try to clarify this panorama here through the use of patterns. In particular, we use pattern diagrams to navigate the pattern space. A pattern diagram shows relationships between patterns and we can see how different models relate to each other. A subproduct of our work is the analysis of which patterns are available for use and which need to be written. Pattern maps are also useful to perform semi-automatic model transformations as required for Model-Driven Development (MDD). The idea is to provide the designer of a secure system with a navigation tool that she can use to select an appropriate pattern from a catalog of security patterns. We also indicate how to compose new access control models by adding features to an existing pattern and how to define patterns by analogy.