Role-Based Access Control Models
Computer
Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
A problem-oriented analysis of basic UML static requirements modeling concepts
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Application of XML tools for enterprise-wide RBAC implementation tasks
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
The Object Constraint Language: Getting Your Models Ready for MDA
The Object Constraint Language: Getting Your Models Ready for MDA
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
Unified Modeling Language Reference Manual, The (2nd Edition)
Unified Modeling Language Reference Manual, The (2nd Edition)
authUML: a three-phased framework to analyze access control specifications in use cases
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
GEO-RBAC: a spatially aware RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
Articulating and enforcing authorisation policies with UML and OCL
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
A verification framework for access control in dynamic web applications
C3S2E '09 Proceedings of the 2nd Canadian Conference on Computer Science and Software Engineering
Role-based access control (RBAC) in Java via proxy objects using annotations
Proceedings of the 15th ACM symposium on Access control models and technologies
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Model checking security policy model using both UML static and dynamic diagrams
Proceedings of the 4th international conference on Security of information and networks
Recovering role-based access control security models from dynamic web applications
ICWE'12 Proceedings of the 12th international conference on Web Engineering
| Hi-index | 0.00 |
There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been recently introduced to deal with such a critical issue for building high assurance software systems. There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been recently introduced to deal with such a critical issue for building high assurance software systems. The MDD approach focuses on the transformation of high-level design models to system implementation modules. However, this emerging development approach lacks an adequate procedure to address security issues derived from formal security models. In this paper, we propose an empirical framework to integrate security model representation, security policy specification, and systematic validation of security model and policy, which would be eventually used for accommodating security concerns during the system development. We also describe how our framework can minimize the gap between security models and the development of secure systems. In addition, we overview a proof-of-concept prototype of our tool that facilitates existing software engineering mechanisms to achieve the above-mentioned features of our framework.