Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied from an MDE perspective, one can mention access control models, which specify access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, mechanism of delegation of rights. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through proof-of-concept implementations of different systems.