Context: Business processes are an important source for the engineering of customized software systems and are constantly gaining attention in the area of software engineering as well as in the area of information and system security. While the need to integrate processes and role-based access control (RBAC) models has been repeatedly identified in research and practice, standard process modeling languages do not provide corresponding language elements.

Objective: In this paper, we are concerned with the definition of an integrated approach for modeling processes and process-related RBAC models, including roles, role hierarchies, statically and dynamically mutually exclusive tasks, as well as binding-of-duty constraints on tasks.

Method: We specify a formal metamodel for process-related RBAC models. Based on this formal model, we define a domain-specific extension for a standard modeling language.

Results: Our formal metamodel is generic and can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a corresponding extension for UML2 activity models. The name of our extension is Business Activities. Moreover, we implemented a library and runtime engine that can manage Business Activity runtime models and enforce the different policies and constraints in a software system.

Conclusion: The definition of process-related RBAC models at the modeling level is an important prerequisite for the thorough implementation and enforcement of corresponding policies and constraints in a software system. We identified the need for modeling support of process-related RBAC models from our experience in real-world role engineering projects and case studies. The Business Activities approach presented in this paper is successfully applied in role engineering projects.
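
The following is an added example, not code from the paper or from its Business Activities library. It sketches how a runtime engine could enforce the constraint types the abstract names, with a role hierarchy, under assumed semantics: statically mutually exclusive (SME) tasks may never be owned by the same subject, dynamically mutually exclusive (DME) tasks must be performed by different subjects within one process instance, and binding of duty requires the same subject for both bound tasks in an instance. All class, role and task names are hypothetical.

```python
# Added illustration: constraint semantics and all names are assumptions.
class PolicyError(Exception):
    pass

class ProcessRBAC:
    def __init__(self, junior, role_tasks, sme, dme, bind):
        self.junior, self.role_tasks = junior, role_tasks  # hierarchy, task-to-role
        # Each constraint is a set of unordered task pairs.
        self.sme, self.dme, self.bind = ({frozenset(p) for p in c} for c in (sme, dme, bind))
        self.subject_roles = {}  # subject -> directly assigned roles
        self.history = {}        # (process instance, task) -> executing subject

    def tasks_of(self, subject):
        """Tasks reachable via direct roles and inherited junior roles."""
        seen, todo = set(), list(self.subject_roles.get(subject, ()))
        while todo:
            role = todo.pop()
            if role not in seen:
                seen.add(role)
                todo.extend(self.junior.get(role, ()))
        return {t for r in seen for t in self.role_tasks.get(r, ())}

    def assign_role(self, subject, role):
        """Design time: no subject may own both tasks of an SME pair."""
        roles = self.subject_roles.setdefault(subject, set())
        roles.add(role)
        owned = self.tasks_of(subject)
        if any(pair <= owned for pair in self.sme):
            roles.discard(role)  # roll back the offending assignment
            raise PolicyError(f"SME: {role} conflicts for {subject}")

    def execute(self, instance, task, subject):
        """Run time: check DME and binding of duty inside one process instance."""
        if task not in self.tasks_of(subject):
            raise PolicyError(f"{subject} has no role for {task}")
        for (inst, done), who in self.history.items():
            pair = frozenset((task, done))
            if inst == instance and pair in self.dme and who == subject:
                raise PolicyError(f"DME: {subject} already performed {done}")
            if inst == instance and pair in self.bind and who != subject:
                raise PolicyError(f"binding: {task} is bound to {who}")
        self.history[(instance, task)] = subject

def sample_policy():
    """Constructed claim-handling policy; manager inherits clerk's tasks."""
    return ProcessRBAC(
        junior={"manager": {"clerk"}},
        role_tasks={"clerk": {"file", "notify"}, "manager": {"approve"}, "auditor": {"audit"}},
        sme=[("approve", "audit")], dme=[("file", "approve")], bind=[("file", "notify")])
```

The static check runs once per role assignment, while the dynamic checks depend on the execution history of a single process instance, so the same subject may approve in one instance and file in another.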