Scenario-driven role engineering is a systematic approach to engineer and maintain RBAC models. Like every engineering process, this approach depends heavily on human factors, and many of the corresponding engineering tasks must be conducted manually. However, based on the experience we gained from our projects and case studies, we identified several tasks in role engineering that are monotonous, time-consuming, and can become tedious if conducted manually. These tasks include the derivation of candidate RBAC artifacts from business processes and scenario models. In this paper, we present an approach to automatically derive role engineering artifacts from process and scenario models. While our general approach is independent of any specific document format, we specifically discuss the derivation of role engineering artifacts from UML activity models, UML interaction models, and BPMN collaboration models. In particular, we use the XMI (XML Metadata Interchange) representation of these models as a tool- and vendor-independent format to identify and automatically derive different role engineering artifacts.