UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-Based Access Control, Second Edition
Role-Based Access Control, Second Edition
RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"
IEEE Security and Privacy
MDA-based visual modeling approach for resources link relationships using UML profile
Computer Standards & Interfaces
Hi-index | 0.00 |
When building an access control aware system, integrating access control specifications into the development process is problematic. Even if security modeling is structured at the early phases of development, security mechanisms are placed into the system at the final phases. This late integration affects security and maintainability of the resulting system in a bad way. In this paper, we present a solution for this problem. We propose a Unified Modeling Language (UML) Profile for Role-Based Access Control (RBAC), with which access control specifications can be modeled graphically together with problem domain specifications from the beginning of the design phase, making it possible to extend security integration over entire development process. We employed significant RBAC constraints like static and dynamic separation of duties into the profile and introduced how Object Constraint Language (OCL) is used to validate well-formedness and meaning of information models against the RBAC.