Role slices: A notation for RBAC permission assignment and enforcement

Lecture Notes in Computer Science

Volumn 3654, Issue , 2005, Pages 40-53

  Pavlich Mariscal, J A ^a   Doan, T ^a   Michel, L ^a   Demurjian, S A ^a   Ting, T C ^a  

^a University of Connecticut   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING; COMPUTER PROGRAMMING LANGUAGES; COMPUTER SOFTWARE; SECURITY OF DATA; ACCESS CONTROL; APPLICATION PROGRAMS; ASPECT ORIENTED PROGRAMMING; AUTHENTICATION; AUTOMATIC PROGRAMMING; LIFE CYCLE; MOBILE SECURITY; MODELING LANGUAGES; SOFTWARE ARCHITECTURE; SOFTWARE DESIGN; UNIFIED MODELING LANGUAGE;

MODEL-DRIVEN ARCHITECTURES; SOFTWARE APPLICATIONS; UNIFIED MODELING LANGUAGE (UML); ASPECT-ORIENTED PROGRAMMING (AOP); AUTOMATIC GENERATION; INTEGRATION OF SECURITY; PRODUCT LIFE CYCLES; ROLE-BASED ACCESS CONTROL; SECURITY ENFORCEMENT; SOFTWARE INFRASTRUCTURE;

COMPUTATIONAL COMPLEXITY; SECURITY OF DATA;

EID: 26444453610     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/11535706_4     Document Type: Conference Paper

References (20)

1. K. Alghathbar and D. Wijesekera. authUML: a three-phased framework to analyze access control specifications in use cases. In FMSE '03: Proceedings of the 2003 ACM workshop on Formal methods in security engineering, pages 77-86. ACM Press, 2003.
2. K. Alghathbar and D. Wijeskera. Consistent and complete access control policies in use cases. In Perdita Stevens, Jon Whittle, and Grady Booch, editors, UML 2003 - The Unified Modeling Language. Model Languages and Applications. 6th International Conference, San Francisco, CA, USA, October 2003, Proceedings, volume 2863 of LNCS, pages 373-387. Springer, 2003.
3. D. Basin, J. Doser, and T. Lodderstedt. Model driven security, Engineering Theories of Software Intensive Systems. 2004.
4. D. Bell and L. LaPadula. Secure computer systems: Mathematical foundations model. Technical report, Mitre Corporation, 1975.
5. S. Clarke. Composition of object-oriented software design models. PhD thesis, Dublin City University, January 2001.
6. B. De Win, B. Vanhaute, and B. De Decker. Security through aspect-oriented programming. In Proceedings of the IFIP TC11 WG 11.4 First Annual Working Conference on Network Security, pages 125-138. Kluwer, B.V., 2001.
7. T. Doan, S. Demurjian, R. Ammar, and T.C. Ting. UML design with security integration as a first class citizen. In Proc. of 3rd Intl. Conf. on Computer Science, Software Engineering, Information Technology, e-Business, and Applications (CSITeA '04), Cairo, December 2004.
8. T. Doan, S. Demurjian, T.C. Ting, and A. Ketterl. MAC and UML for secure software design. In Proc. of 2nd ACM Wksp. on Formal Methods in Security Engineering, Washington D.C., October 2004.
9. T. Doan, S. Demurjian, T.C. Ting, and C. Phillips. RBAC/MAC security for UML. In C. Farkas and P. Samarati, editors, Research Directions in Data and Applications Security XVIII, July 2004.
10. P. Epstein and R. Sandhu. Towards a UML based approach to role engineering. In Proceedings of the fourth ACM workshop on Role-based access control, pages 135-143, 1999.
11. D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554-563, 1992.
12. D. Ferraiolo, R. Sandhu, S. Gavrila, R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224-274, 2001.
13. W. Harrison and H. Ossher. Subject-oriented programming: a critique of pure objects. In Proceedings of the eighth annual conference on Object-oriented programming systems, languages, and applications, pages 411-428, 1993.
14. J. Jürjens. UMLsec: Extending UML for secure systems development. In Proceedings of the 5th International Conference on The Unified Modeling Language, pages 412-425. Springer-Verlag, 2002.
15. G. Kiczales. Aspect-oriented programming. ACM Comput. Surv., 28(4es):154, 1996.
16. T. Lodderstedt, D.A. Basin, and J. Doser. SecureUML: A UML-based modeling language for model-driven security. In Proceedings of the 5th International Conference on The Unified Modeling Language, pages 426-441. Springer-Verlag, 2002.
17. OMG. OMG-unified modeling language, v.l.5. UML Resource Page http://www.omg.org/uml, March 2003.
18. E. Song, R. Reddy, R. France, I. Ray, G. Georg, and R. Alexander. Verifiable composition of access control features and applications. In Proceedings of 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), 2005.
19. P. Tarr, H. Ossher, W. Harrison, and M. Sutton, Jr. Stanley. N degrees of separation: multi-dimensional separation of concerns. In Proceedings of the 21st international conference on Software engineering, pages 107-119. IEEE Computer Society Press, 1999.
20. D. Thomsen, D. O'Brien, and J. Bogle. Role based access control framework for network enterprises. In Proceedings of 14th Annual Computer Security Application Conference, pages 50-58, Phoenix, AZ, December 7-11 1998.