Software engineer's reference book
Software engineer's reference book
Software process modelling and technology
Software process modelling and technology
Role-Based Access Control Models
Computer
Role based access control with the security administration manager (SAM)
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Determining role rights from use cases
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Eliciting software process models with the E3 language
ACM Transactions on Software Engineering and Methodology (TOSEM)
The unified software development process
The unified software development process
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Three for one: role-based access-control management in rapidly changing heterogeneous environments
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible team-based access control using contexts
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Software engineering (6th ed.)
Software engineering (6th ed.)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Software Engineering: A Practitioner's Approach
Software Engineering: A Practitioner's Approach
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
A role administration system in role-based authorization infrastructures: design and implementation
Proceedings of the 2003 ACM symposium on Applied computing
Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
Rule support for role-based access control
Proceedings of the tenth ACM symposium on Access control models and technologies
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Mobile-driven architecture for managing enterprise security policies
Proceedings of the 44th annual Southeast regional conference
Role engineering using graph optimisation
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
Proceedings of the 13th ACM symposium on Access control models and technologies
Security for Enterprise Resource Planning Systems
Information Systems Security
HyDRo --- Hybrid Development of Roles
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
Using user context for accessing IT resources
Proceedings of the first international workshop on Context-aware software technology and applications
A function-based user authority delegation model
Information Sciences: an International Journal
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Incorporating social-cultural contexts in role engineering: an activity theoretic approach
International Journal of Business Information Systems
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
A new role mining framework to elicit business roles and to mitigate enterprise risk
Decision Support Systems
Mining RBAC roles under cardinality constraint
ICISS'10 Proceedings of the 6th international conference on Information systems security
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
Integrating business process modelling and ERP role engineering
International Journal of Business Information Systems
DASFAA'10 Proceedings of the 15th international conference on Database Systems for Advanced Applications - Volume Part I
| Hi-index | 0.00 |
Roles are a powerful and policy neutral concept for facilitating distributed systems management and enforcing access control. Models which are now subject to becoming a standard have been proposed and much work on extensions to these models has been done over the last years as documented in the recent RBAC/SACMAT workshops. When looking at these extensions we can often observe that they concentrate on a particular stage in the life of a role. We investigate how these extensions fit into a more general theoretical framework in order to give practitioners a starting point from which to develop role-based systems. We believe that the life-cycle of a role could be seen as the basis for such a framework and we provide an initial discussion on such a role life-cycle, based on our experiences and observations in enterprise security management. We propose a life-cycle model that is based on an iterative-incremental process similar to those found in the area of software development.