Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The object constraint language: precise modeling with UML
The object constraint language: precise modeling with UML
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Role engineering: From design to evolution of security schemes
Journal of Systems and Software
Access control coherence of information systems based on security constraints
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Representation of extended RBAC model using UML language
SOFSEM'05 Proceedings of the 31st international conference on Theory and Practice of Computer Science
| Hi-index | 0.00 |
The paper deals with management of accesscontrol in an information system. It is suggested that the security of an information system should be a task solved on two principal levels: system development level and security administration level. Consequently, the responsibility for creating e每ective security measuresfor an information system ought to lie with boththe application developer and the global administration. Moreover, sets of security constraintsshould be formulated also on those two levels.The paper de陆nes requirements and obligations of each level using adapted tools based onthe role-based access control (RBAC) model andemploying the object-oriented conception methodwith UML (Unified Modeling Language).It is shown how the process of addition of anew application to an information system maybe automated and how the administrator can beassisted in detecting incoherences or/and determining new relations between the elements existing in a system, such as roles or permissions.