Abstract
Role-based access control (RBAC) is a popular access control model for enterprise systems because of its economic benefit and scalability. Many RBAC features are available, each providing a different capability, and not all of them are needed in every RBAC system. Depending on the requirements, one should be able to configure RBAC by selecting only the features those requirements call for. However, there have been no suitable methods that enable RBAC configuration at the feature level. This paper proposes an approach to systematic RBAC configuration that combines feature modeling with UML modeling. The approach comprises feature modeling and design principles for specifying and verifying RBAC features, and a composition method for building a configured RBAC. We demonstrate the approach by building an RBAC configuration for a bank application.
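The following is an added illustration of the idea in the abstract (feature-level RBAC configuration with verified composition); it is example code written for this page, not the paper's models or tooling. It assumes a small feature model whose features are NIST RBAC components (core RBAC, role hierarchy, static separation of duty), validates a feature selection against that model, and composes the selected features into one policy class; every name, the bank roles and the constraints are constructed for the example.

```python
# Added example (not the paper's models): feature model over NIST RBAC components,
# validation of a feature selection, and composition of the selected features.
CORE, HIERARCHY, SSD = "core", "hierarchy", "ssd"           # assumed feature names
MANDATORY = {CORE}                                           # core RBAC is always selected
REQUIRES = {CORE: set(), HIERARCHY: {CORE}, SSD: {CORE}}     # feature dependencies

def validate_configuration(selected):
    """Return a list of feature-model violations (empty list means valid)."""
    selected = set(selected)
    problems = [f"mandatory feature '{f}' missing" for f in MANDATORY - selected]
    for f in sorted(selected):
        if f not in REQUIRES:
            problems.append(f"unknown feature '{f}'")
        else:
            problems.extend(f"feature '{f}' requires '{d}'" for d in sorted(REQUIRES[f] - selected))
    return problems

class CoreRBAC:
    """Core RBAC: users, roles, permissions, sessions. Optional features extend the hooks."""
    def __init__(self):
        self.user_roles = {}    # user -> set of assigned roles
        self.role_perms = {}    # role -> set of (object, operation)
        self.sessions = {}      # session id -> (user, set of active roles)
    def grant(self, role, obj, op):
        self.role_perms.setdefault(role, set()).add((obj, op))
    def assign_role(self, user, role):
        self._check_assignment(user, role)                   # hook extended by SSD
        self.user_roles.setdefault(user, set()).add(role)
    def _check_assignment(self, user, role):
        pass                                                 # core imposes no constraint
    def authorized_roles(self, role):
        return {role}                                        # hook overridden by hierarchy
    def create_session(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.user_roles.get(user, set()):
            raise PermissionError(f"{user} may only activate assigned roles")
        self.sessions[sid] = (user, roles)
    def check_access(self, sid, obj, op):
        active = self.sessions[sid][1]
        return any((obj, op) in self.role_perms.get(r, set())
                   for a in active for r in self.authorized_roles(a))

class HierarchyFeature:
    """Role hierarchy: a senior role inherits the permissions of its juniors."""
    def __init__(self):
        super().__init__()
        self.juniors = {}       # senior role -> set of directly inherited roles
    def add_inheritance(self, senior, junior):
        self.juniors.setdefault(senior, set()).add(junior)
    def authorized_roles(self, role):
        seen, stack = set(), [role]                          # transitive closure over juniors
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

class SSDFeature:
    """Static separation of duty: no user may hold n or more roles from a set.
    Calls authorized_roles(), so it is hierarchy-aware when composed with HierarchyFeature."""
    def __init__(self):
        super().__init__()
        self.ssd_rules = []     # list of (frozenset of roles, n)
    def add_ssd(self, roles, n):
        self.ssd_rules.append((frozenset(roles), n))
    def _check_assignment(self, user, role):
        super()._check_assignment(user, role)
        prospective = self.user_roles.get(user, set()) | {role}
        effective = set().union(*(self.authorized_roles(r) for r in prospective))
        for roles, n in self.ssd_rules:
            if len(effective & roles) >= n:
                raise PermissionError(f"SSD violation for {user}: {sorted(effective & roles)}")

FEATURE_CLASSES = {HIERARCHY: HierarchyFeature, SSD: SSDFeature}

def compose_rbac(selected):
    """Validate the selection, then compose the chosen features into one policy class."""
    problems = validate_configuration(selected)
    if problems:
        raise ValueError("; ".join(problems))
    bases = [FEATURE_CLASSES[f] for f in (SSD, HIERARCHY) if f in selected] + [CoreRBAC]
    return type("ConfiguredRBAC", tuple(bases), {})        # optional features first in the MRO

def bank_demo(selected):
    """Constructed bank scenario: manager inherits teller; teller and auditor are
    mutually exclusive under SSD. Returns what the chosen configuration permits."""
    rbac = compose_rbac(selected)()
    rbac.grant("teller", "account", "deposit")
    if HIERARCHY in selected:
        rbac.add_inheritance("manager", "teller")
    if SSD in selected:
        rbac.add_ssd({"teller", "auditor"}, 2)
    rbac.assign_role("alice", "manager")
    try:
        rbac.assign_role("alice", "auditor")
        auditor_assignable = True
    except PermissionError:
        auditor_assignable = False
    rbac.create_session("s1", "alice", {"manager"})
    return {"auditor_assignable": auditor_assignable,
            "manager_can_deposit": rbac.check_access("s1", "account", "deposit")}
```

Calling `bank_demo({"core", "hierarchy", "ssd"})` rejects the auditor assignment because the hierarchy makes the manager an effective teller, whereas `bank_demo({"core", "ssd"})` permits it: the same SSD rule yields different decisions depending on which features were composed, which is exactly why a configured RBAC has to be verified per configuration rather than per feature. The hook methods (`_check_assignment`, `authorized_roles`) are the composition points; a feature that is not selected simply leaves the core behaviour in place.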
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Kim, DK., Lu, L., Kim, S. (2010). A Verifiable Modeling Approach to Configurable Role-Based Access Control. In: Rosenblum, D.S., Taentzer, G. (eds) Fundamental Approaches to Software Engineering. FASE 2010. Lecture Notes in Computer Science, vol 6013. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12029-9_14
DOI: https://doi.org/10.1007/978-3-642-12029-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12028-2
Online ISBN: 978-3-642-12029-9
eBook Packages: Computer Science (R0)