Modelling context-aware RBAC models for mobile business processes

Authors:
Sigrid Schefer-Wenzl;Mark Strembeck
Affiliations:
Institute for Information Systems and New Media, WU Vienna, Austria/ Competence Center for IT-Security, University of Applied Sciences Campus Vienna, Vienna, Austria;Institute for Information Systems and New Media, WU Vienna, Austria
Venue:
International Journal of Wireless and Mobile Computing
Year:
2013

Citing 50
Cited 0

Role-Based Access Control Models

Computer
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Deriving Petri Nets from Finite Transition Systems

IEEE Transactions on Computers
Modeling and Analysis of Workflows Using Petri Nets

Journal of Intelligent Information Systems - Special issue on workflow management systems
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A comparison of the views of business and IT management on success factors for strategic alignment

Information and Management
Flexible team-based access control using contexts

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Workflows

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Context-Sensitive Access Control Model and Prototype Implementation

Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Guidelines of Business Process Modeling

Business Process Management, Models, Techniques, and Empirical Studies
Task-role-based access control model

Information Systems
Pervasive Enablement of Business Processes

PERCOM '04 Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom'04)
Role-based access control in ambient and remote space

Proceedings of the ninth ACM symposium on Access control models and technologies
Technology for Care Networks of Elders

IEEE Pervasive Computing
The Consistency of Task-Based Authorization Constraints in Workflow Systems

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
An integrated approach to engineer and enforce context constraints in RBAC environments

ACM Transactions on Information and System Security (TISSEC)
Context-Based Access Control Management in Ubiquitous Environments

NCA '04 Proceedings of the Network Computing and Applications, Third IEEE International Symposium
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
GEO-RBAC: a spatially aware RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies
Embedding Policy Rules for Software-Based Systems in a Requirements Context

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
ContextUML: A UML-Based Modeling Language for Model-Driven Development of Context-Aware Web Services Development

ICMB '05 Proceedings of the International Conference on Mobile Business
Secure Business Process Management: A Roadmap

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Inter-instance authorization constraints for secure workflow management

Proceedings of the eleventh ACM symposium on Access control models and technologies
Compliance Deconstructed

Queue - Compliance
Role-Based Access Control, Second Edition

Role-Based Access Control, Second Edition
CMP: A UML Context Modeling Profile for Mobile Distributed Systems

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Object-based and class-based composition of transitive mixins

Information and Software Technology
XOTcl: an object-oriented scripting language

TCLTK'00 Proceedings of the 7th conference on USENIX Tcl/Tk - Volume 7
Security mechanisms and vulnerabilities in the IEEE 802.15.3 wireless personal area networks

International Journal of Wireless and Mobile Computing
Security mechanisms, attacks and security enhancements for the IEEE 802.11 WLANs

International Journal of Wireless and Mobile Computing
Context-aware role-based access control in pervasive computing systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Modeling contextual security policies

International Journal of Information Security
PCP: privacy-aware context profile towards context-aware application development

Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services
From business process models to process-oriented software systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
An MDA-Based Environment for Generating Access Control Policies

TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Scenario-Driven Role Engineering

IEEE Security and Privacy
Modeling of task-based authorization constraints in BPMN

BPM'07 Proceedings of the 5th international conference on Business process management
Google Android: A Comprehensive Security Assessment

IEEE Security and Privacy
A framework of online chain store integrated with personalised recommendation for e-commerce

International Journal of Wireless and Mobile Computing
From goal-driven security requirements engineering to secure design

International Journal of Intelligent Systems - Goal-driven Requirements Engineering
Generic algorithms for consistency checking of mutual-exclusion and binding constraints in a business process context

OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
Implicit interaction design for pervasive workflows

Personal and Ubiquitous Computing
Mobile Security: Finally a Serious Problem?

Computer
Mobile Attacks and Defense

IEEE Security and Privacy
Experiences from real-world deployment of context-aware technologies in a hospital environment

UbiComp'06 Proceedings of the 8th international conference on Ubiquitous Computing
Behaviour adaptation of context-aware web services in pervasive computing environment

International Journal of Wireless and Mobile Computing
Access control: principle and practice

IEEE Communications Magazine
Modeling Context-Aware RBAC Models for Business Processes in Ubiquitous Computing Environments

MUSIC '12 Proceedings of the 2012 Third FTRA International Conference on Mobile, Ubiquitous, and Intelligent Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In a mobile computing environment, distributed business processes are executed in varying contexts. Context-aware access control mechanisms help to protect sensitive data and services in mobile application scenarios. Context constraints are a means to consider context information in access control decisions. In this paper, we integrate context constraints with process-related role-based access control RBAC to support the secure and context-dependent task execution. In particular, we specify a formal metamodel for process-related and context-aware RBAC models. Subsequently, we define a domain-specific extension for UML Activity diagrams that enables the integrated modelling of context constraints and business processes. In addition, we implemented a software platform that enables the specification and enforcement of process-related context-aware RBAC policies.