Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Application of XML tools for enterprise-wide RBAC implementation tasks
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
TRBAC: a temporal role-based access control model
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
A Flexible Method for Information System Security Policy Specification
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Role-Based Modeling Language (RBML) to Characterize Model Families
ICECCS '02 Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems
The Object Constraint Language: Getting Your Models Ready for MDA
The Object Constraint Language: Getting Your Models Ready for MDA
Flexible security policies in SQL
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
Articulating and enforcing authorisation policies with UML and OCL
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Information flow property preserving transformation of UML interaction diagrams
Proceedings of the eleventh ACM symposium on Access control models and technologies
Composing aspect models with graph transformations
Proceedings of the 2006 international workshop on Early aspects at ICSE
Towards realizing a formal RBAC model in real systems
Proceedings of the 12th ACM symposium on Access control models and technologies
On the Formal Analysis of a Spatio-temporal Role-Based Access Control Model
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
International Journal of Computer Integrated Manufacturing
Towards the development of privacy-aware systems
Information and Software Technology
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
International Journal of Computer Integrated Manufacturing
From Formal Access Control Policies to Runtime Enforcement Aspects
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Ensuring spatio-temporal access control for real-world applications
Proceedings of the 14th ACM symposium on Access control models and technologies
Expert Systems with Applications: An International Journal
A UML profile for role-based access control
Proceedings of the 2nd international conference on Security of information and networks
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
A feature-based approach for modeling role-based access control systems
Journal of Systems and Software
Security and trust requirements engineering
Foundations of Security Analysis and Design III
Ontology-Based RBAC specification for interoperation in distributed environment
ASWC'06 Proceedings of the First Asian conference on The Semantic Web
Modeling social and individual trust in requirements engineering methodologies
iTrust'05 Proceedings of the Third international conference on Trust Management
Specification and validation of authorisation constraints using UML and OCL
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Directives for composing aspect-oriented design class models
Transactions on Aspect-Oriented Software Development I
Performance analysis for workflow management systems under role-based authorization control
GPC'12 Proceedings of the 7th international conference on Advances in Grid and Pervasive Computing
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Organizations use Role-Based Access Control (RBAC) to protect information resources from unauthorized access. We propose an approach, based on the Unified Modeling Language (UML), that shows how RBAC policies can be systematically incorporated into an application design. We consider an RBAC model to be a pattern which we express using UML diagram templates; RBAC policies for an application conforming to this model can be generated by instantiating these templates with values obtained from the application. The constraints of the RBAC model are expressed using the Object Constraint Language (OCL). OCL constraints, based on first-order logic, are difficult to understand. To alleviate this problem, we show how violation of such constraints can be visually represented using object diagram templates. With adequate tool support, developers can use these to demonstrate constraint violations in their applications. Our approach is illustrated using a small banking application.