Object-oriented software engineering
Object-oriented software engineering
Scenario-based design: envisioning work and technology in system development
Scenario-based design: envisioning work and technology in system development
Effective methods for software testing
Effective methods for software testing
Role-Based Access Control Models
Computer
Determining role rights from use cases
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Towards a more complete model of role
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The Unified Modeling Language user guide
The Unified Modeling Language user guide
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Mastering the requirements process
Mastering the requirements process
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Toward Reference Models for Requirements Traceability
IEEE Transactions on Software Engineering
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Design and implementation of a flexible RBAC-service in an object-oriented scripting language
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Requirements Engineering: Processes and Techniques
Requirements Engineering: Processes and Techniques
Testing Computer Software, Second Edition
Testing Computer Software, Second Edition
Access Control and Session Management in the HTTP Environment
IEEE Internet Computing
Experience with Goal-Scenario Coupling in Requirements Engineering
RE '99 Proceedings of the 4th IEEE International Symposium on Requirements Engineering
Engineering of Role/Permission Assignments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Five Reasons for Scenario-Based Design
HICSS '99 Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences-Volume 3 - Volume 3
Goal-Oriented Requirements Engineering: A Guided Tour
RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
An approach to engineer and enforce context constraints in an RBAC environment
Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
A role administration system in role-based authorization infrastructures: design and implementation
Proceedings of the 2003 ACM symposium on Applied computing
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Mobile-driven architecture for managing enterprise security policies
Proceedings of the 44th annual Southeast regional conference
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
Proceedings of the 13th ACM symposium on Access control models and technologies
Role engineering: From design to evolution of security schemes
Journal of Systems and Software
A class of probabilistic models for role engineering
Proceedings of the 15th ACM conference on Computer and communications security
Towards the development of privacy-aware systems
Information and Software Technology
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Evaluating role mining algorithms
Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
Law-aware access control for international financial environments
Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access
V-model approach for role engineering
ICCOMP'09 Proceedings of the WSEAES 13th international conference on Computers
A probabilistic approach to hybrid role mining
Proceedings of the 16th ACM conference on Computer and communications security
A closer look to the V-model approach for role engineering
WSEAS Transactions on Computers
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 15th ACM symposium on Access control models and technologies
Role-based access control for a Grid system using OGSA-DAI and Shibboleth
The Journal of Supercomputing
Role mining in the presence of noise
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Mining Roles with Multiple Objectives
ACM Transactions on Information and System Security (TISSEC)
A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules
Proceedings of the 1st ACM International Health Informatics Symposium
Incorporating social-cultural contexts in role engineering: an activity theoretic approach
International Journal of Business Information Systems
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
Mining RBAC roles under cardinality constraint
ICISS'10 Proceedings of the 6th international conference on Information systems security
Proceedings of the first ACM conference on Data and application security and privacy
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Deriving role engineering artifacts from business processes and scenario models
Proceedings of the 16th ACM symposium on Access control models and technologies
Integrating business process modelling and ERP role engineering
International Journal of Business Information Systems
Deriving implementation-level policies for usage control enforcement
Proceedings of the second ACM conference on Data and Application Security and Privacy
Role engineering: from theory to practice
Proceedings of the second ACM conference on Data and Application Security and Privacy
A framework for modeling organization structure in role engineering
PARA'04 Proceedings of the 7th international conference on Applied Parallel Computing: state of the Art in Scientific Computing
Proceedings of the 50th Annual Southeast Regional Conference
Toward a safe integrated clinical environment: a communication security perspective
Proceedings of the 2012 ACM workshop on Medical communication systems
Access control for semantic data federations in industrial product-lifecycle management
Computers in Industry
Role approach in access control development with the usage control concept
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Role Mining with Probabilistic Models
ACM Transactions on Information and System Security (TISSEC)
Secure federation of semantic information services
Decision Support Systems
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes
International Journal of Information Security and Privacy
Towards user-oriented RBAC model
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
An optimization framework for role mining
Journal of Computer Security
Behavior-based access control for distributed healthcare systems
Journal of Computer Security
| Hi-index | 0.00 |
In this paper we present a novel scenario-driven role engineering process for RBAC roles. The scenario concept is of central significance for the presented approach. Due to the strong human factor in role engineering scenarios are a good means to drive the process. We use scenarios to derive permissions and to define tasks. Our approach considers changeability issues and enables the straightforward incorporation of changes into affected models. Finally we discuss the experiences we gained by applying the scenario-driven role engineering process in three case studies.