Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A rule-based framework for role based delegation
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Administrative scope and role hierarchy operations
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Toward open, secure, widely distributed services
Communications of the ACM - Adaptive middleware
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
A Framework for Organisational Control Principles
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Detecting Conflicts in a Role-Based Delegation Model
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A case study of separation of duty properties in the context of the Austrian "eLaw" process.
Proceedings of the 2005 ACM symposium on Applied computing
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
A framework for evidence lifecycle management
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Revocation of obligation and authorisation policy objects
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
| Hi-index | 0.00 |
This paper presents a case study of the organisational control principles present in a credit application process at the branch level of a bank. The case study has been performed in the context of an earlier suggested formal framework [6] for organisational control principles based on the Alloy predicate logic and its facilities for automated formal analysis and exploration [2].In particular, we establish and validate the novel concepts of specific and general obligations. The delegation of these two kinds of obligations must be controlled by means of review and supervision controls. The example of a credit application process is used to discuss these organisational controls.