Roles are a convenient and powerful concept for facilitating access to distributed systems and for enforcing access management policies. Role-based access control (RBAC) is one of the most convenient and widely used role engineering models across enterprises. However, the traditional role design process only factors in the functional and job requirements of a user. Several threats arise from the insecure and inefficient design of roles when the social and interaction dynamics of an organisational setting are ignored, even though most activities are carried out in a dynamic environment. Activity theory (AT) is one of the most widely applied and researched theories for understanding human actions, interactions with environments, and dynamics among different social entities. The first section of the paper presents an overview of role engineering and AT concepts. Building on these concepts, the paper then presents methods by which AT can be applied to make the role engineering process efficient and secure. A case study, carried out at a US-based midsize financial institution, is also presented to demonstrate: 1) how traditional role engineering processes give rise to threats; and 2) how AT methods can uncover some of the risks in the role engineering process so that they can be mitigated.