Role-Based Access Control Models
Computer
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Transformation Rules for UML Class Diagrams
«UML» '98 Selected papers from the First International Workshop on The Unified Modeling Language «UML»'98: Beyond the Notation
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
The Object Constraint Language: Getting Your Models Ready for MDA
The Object Constraint Language: Getting Your Models Ready for MDA
Role-Based Access Control
The rcl 2000 language for specifying role-based authorization constraints
The rcl 2000 language for specifying role-based authorization constraints
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
Unified Modeling Language Reference Manual, The (2nd Edition)
Unified Modeling Language Reference Manual, The (2nd Edition)
Formal specification of role-based security policies for clinical information systems
Proceedings of the 2005 ACM symposium on Applied computing
Visual specifications of policies and their verification
FASE'03 Proceedings of the 6th international conference on Fundamental approaches to software engineering
Validating UML models and OCL constraints
UML'00 Proceedings of the 3rd international conference on The unified modeling language: advancing the standard
A security policy model for clinical information systems
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Validating Access Control Configurations in J2EE Applications
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
Automated analysis of security-design models
Information and Software Technology
XMI2USE: A Tool for Transforming XMI to USE Specifications
ER '09 Proceedings of the ER 2009 Workshops (CoMoL, ETheCoM, FP-UML, MOST-ONISW, QoIS, RIGiM, SeCoGIS) on Advances in Conceptual Modeling - Challenging Perspectives
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Towards accuracy of role-based access control configurations in component-based systems
Journal of Systems Architecture: the EUROMICRO Journal
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
A metamodel-based approach for analyzing security-design models
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Authorisation constraints can help the policy architect design and express higher-level security policies for organisations such as financial institutes or governmental agencies. Although the importance of constraints has been addressed in the literature, there does not exist a systematic way to validate and test authorisation constraints. In this paper, we attempt to specify non-temporal constraints and history-based constraints in Object Constraint Language (OCL) which is a constraint specification language of Unified Modeling Language (UML) and describe how we can facilitate the USE tool to validate and test such policies. We also discuss the issues of identification of conflicting constraints and missing constraints.