Role-Based Access Control Models
Computer
The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
Application of XML tools for enterprise-wide RBAC implementation tasks
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
Flexible team-based access control using contexts
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Supporting conditional delegation in secure workflow management systems
Proceedings of the tenth ACM symposium on Access control models and technologies
A fine-grained, controllable, user-to-user delegation method in RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Fine-grained role-based delegation in presence of the hybrid role hierarchy
Proceedings of the eleventh ACM symposium on Access control models and technologies
USE: A UML-based specification environment for validating UML and OCL
Science of Computer Programming
Modeling and validating Mondex scenarios described in UML and OCL with USE
Formal Aspects of Computing
Delegation in role-based access control
International Journal of Information Security
Analyzing and Managing Role-Based Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Scenario-Based Static Analysis of UML Class Models
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Enforcing Role-Based Access Control Policies in Web Services with UML and OCL
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Automated analysis of security-design models
Information and Software Technology
Consistency, Independence and Consequences in UML and OCL Models
TAP '09 Proceedings of the 3rd International Conference on Tests and Proofs
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Extensive validation of OCL models by integrating SAT solving into USE
TOOLS'11 Proceedings of the 49th international conference on Objects, models, components, patterns
Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL
SSIRI '11 Proceedings of the 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement
UML2Alloy: a challenging model transformation
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Information and Software Technology
| Hi-index | 0.00 |
Context: Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules. Objective: A systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available. Method: In this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts. Result: We show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation. Conclusion: To the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.