The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
xlinkit: a consistency checking and smart link generation service
ACM Transactions on Internet Technology (TOIT)
A State-of-the-Art Survey on Software Merging
IEEE Transactions on Software Engineering
Automating Support for Software Evolution in UML
Automated Software Engineering
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Supporting Rigorous Evolution of UML Models
ICECCS '04 Proceedings of the Ninth IEEE International Conference on Engineering Complex Computer Systems Navigating Complexity in the e-Engineering Age
authUML: a three-phased framework to analyze access control specifications in use cases
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Challenges in Software Evolution
IWPSE '05 Proceedings of the Eighth International Workshop on Principles of Software Evolution
Instant consistency checking for the UML
Proceedings of the 28th international conference on Software engineering
Fixing Inconsistencies in UML Design Models
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Challenges in Model-Driven Software Engineering
Models in Software Engineering
Incremental Detection of Model Inconsistencies Based on Model Operations
CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Generating and Evaluating Choices for Fixing Inconsistencies in UML Design Models
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
A Taxonomy of Model Transformation
Electronic Notes in Theoretical Computer Science (ENTCS)
Incremental resolution of model inconsistencies
WADT'06 Proceedings of the 18th international conference on Recent trends in algebraic development techniques
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
Secure Systems Development with UML
Secure Systems Development with UML
Incremental security verification for evolving UMLsec models
ECMFA'11 Proceedings of the 7th European conference on Modelling foundations and applications
Tool support for UML-based specification and verification of role-based access control properties
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Hi-index | 0.00 |
Access Control plays a crucial part in software security, as it is responsible for making sure that users have access to the resources they need while being forbidden from accessing resources they do not need. Access control models such as Role-Based Access Control have been developed to help system administrators deal with the increasing complexity of the rules that determine whether or not a particular user should access a particular resource. These rules, as well as the users and their needs, are likely to evolve over time. In some cases, it may even be necessary to merge several access control configurations into a single one. In this position paper, we review existing research in model-based software evolution and merging, and argue the need for a specific approach for access control in order to take its specific requirements into account.