Security policies in information systems and programming applications are often defined through traditional low-level languages that are difficult to use. This is a remarkable drawback if we consider that security policies are often specified and maintained by top-level enterprise managers, who would probably prefer to use simplified, metaphor-oriented policy management tools. To support all the different kinds of users, we propose a suite of visual languages to specify access and security policies according to the role-based access control (RBAC) model. We also present a system implementing the proposed visual languages. The system provides a set of tools that enable a user to visually edit security policies and subsequently translate them into XACML (eXtensible Access Control Markup Language) code, which can be managed by a Policy-Based Management System supporting that policy language. The system and the visual approach have been assessed by means of usability studies and several case studies. The case study presented in this paper concerns the configuration of access policies for a multimedia content management platform providing video streaming services that are also accessible through mobile devices.