Role-Based Access Control Models
Computer
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
The Object Constraint Language: Getting Your Models Ready for MDA
The Object Constraint Language: Getting Your Models Ready for MDA
Role-Based Access Control
The rcl 2000 language for specifying role-based authorization constraints
The rcl 2000 language for specifying role-based authorization constraints
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
Unified Modeling Language Reference Manual, The (2nd Edition)
Unified Modeling Language Reference Manual, The (2nd Edition)
Formal specification of role-based security policies for clinical information systems
Proceedings of the 2005 ACM symposium on Applied computing
Validating UML models and OCL constraints
UML'00 Proceedings of the 3rd international conference on The unified modeling language: advancing the standard
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Towards realizing a formal RBAC model in real systems
Proceedings of the 12th ACM symposium on Access control models and technologies
Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology
A system for visual role-based policy modelling
Journal of Visual Languages and Computing
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Enhancing directory virtualization to detect insider activity
Security and Communication Networks
| Hi-index | 0.00 |
Nowadays, more and more security-relevant data are stored on computer systems; security-critical business processes are mapped to their digital pendants. This situation applies to various critical infrastructures requiring that different security requirements must be fulfilled. It demands a way to design and express higher-level security policies for such critical organizations. In this paper we focus on authorisation policies to demonstrate how software engineering techniques can help validate authorisation constraints and enforce access control policies. Our approach leverages features and functionalities of the UML/OCL modeling methods as well as model driven approach to represent and specify authorisation model and constraints. Using our authorisation constraints editor, we articulate role-based authorisation policies. Also, we attempt to validate and enforce such constraints with the USE (UML Specification Environment) tool.