Role-Based Access Control Models
Computer
Aris-Business Process Modeling
Aris-Business Process Modeling
UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Multi-perspective Enterprise Modeling (MEMO) - Conceptual Framework and Modeling Languages
HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 3 - Volume 3
Model-Driven Security Based on a Web Services Security Architecture
SCC '05 Proceedings of the 2005 IEEE International Conference on Services Computing - Volume 01
Model-based security analysis in seven steps --- a guided tour to the CORAS method
BT Technology Journal
A constraint based role based access control in the SECTET a model-driven approach
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
Enterprise Architecture at Work: Modelling, Communication, and Analysis
Enterprise Architecture at Work: Modelling, Communication, and Analysis
Hi-index | 0.00 |
The research presented in this paper is aimed at developing a holistic modelling method that comprehensively considers and integrates technical, organizational, behavioral and business aspects -- all crucial to create and manage secure IT systems. Our method relies on Multi-perspective Enterprise Modeling (MEMO) and extends it to support security concepts. The focus of this paper is twofold: 1. identifying opportunities for using enterprise models for generating security related code; 2. defining requirements, which should be satisfied by the modelling method in order to support such security-related code generation. In order to identify opportunities for code generation, we apply a technique for developing domain specific modelling languages (DSML) that is chiefly based on a structured analysis of use scenarios including prototypical diagrams. It is supplemented by work found in literature and validated with practitioners. Our analysis results in the identification of three areas in which MEMO IT security models can be used for automatic creation of code: access control, report generation and encryption and in 9 corresponding requirements that the modelling language should satisfy.