Scenario-driven role engineering

IEEE Security and Privacy

Volumn 8, Issue 1, 2010, Pages 28-35

  Strembeck, Mark ^a  

^a VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

Role engineering; Role based access control; Security management

Indexed keywords

ACCESS CONTROL POLICIES; CONSULTING FIRMS; DE FACTO STANDARD; ENGINEERING ACTIVITIES; INTERNATIONAL PROJECTS; PROCESS TAILORING; RBAC MODEL; ROLE ENGINEERING; ROLE HIERARCHY; ROLE-BASED ACCESS CONTROL; SOFTWARE-BASED;

INDUSTRIAL MANAGEMENT; MODELS; NETWORK SECURITY; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 77249095368     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2010.46     Document Type: Article

References (14)

1. D.F. Ferraiolo and D.R. Kuhn, "Role-Based Access Controls," Proc. 15th Nat'l Computer Security Conf., NIST, 1992, pp. 554-563; http://csrc.nist.gov/groups/ SNS/rbac/documents/ferraiolo-kuhn-92.pdf.
2. R.S. Sandhu et al., "Role-Based Access Control Models," Computer, vol.29, no.2, 1996, pp. 38-47.
3. D.F. Ferraiolo, D.R. Kuhn, and R. Chandramouli, Role-Based Access Control, 2nd ed., Artech House, 2007.
4. G. Neumann and M. Strembeck, "A Scenario-Driven Role-Engineering Process for Functional RBAC Roles," Proc. 7th ACM Symp. Access Control Models and Technologies (SACMAT 02), ACM Press, 2002, pp. 33-42.
5. J.M. Carroll, ed., Scenario-Based Design: Envisioning Work and Technology in System Development, John Wiley & Sons, 1995.
6. M. Jarke, X.T. Bui, and J.M. Carroll, "Scenario Management: An Interdisciplinary Approach," Requirements Eng. J., vol.3, nos. 3-4, 1998, pp. 155-173.
7. M. Strembeck and G. Neumann, "An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments," ACM Trans. Information and System Security, vol.7, no.3, 2004, pp. 392-427.
8. J. Mendling et al., "An Approach to Extract RBAC Models from BPEL4WS Processes," Proc. 13th IEEE Int'l Workshop Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE 04), IEEE CS Press, 2004, pp. 81-86.
9. M. Strembeck, "Embedding Policy Rules for Software- Based Systems in a Requirements Context," Proc. 6th IEEE Int'l Workshop Policies for Distributed Systems and Networks (POLICY 05), IEEE CS Press, 2005, pp. 235-238.
10. O. Gotel and A. Finkelstein, "An Analysis of the Requirements Traceability Problem," Proc. IEEE Int'l Conf. Requirements Eng. (ICRE 94), IEEE CS Press, 1994, pp. 94-101.
11. B. Ramesh and M. Jarke, "Toward Reference Models for Requirements Traceability," IEEE Trans. Software Eng., vol.27, no.1, 2001, pp. 58-93.
12. M. Strembeck, "A Role Engineering Tool for Role- Based Access Control," Proc. 3rd Symp. Requirements Eng. for Information Security (SREIS 05), 2005; www. sreis.org/SREIS-05-Program/full7
13. E.J. Coyne et al., "Role Engineering in Healthcare: Process, Results, and Lessons Learned," Dec. 2004, www.va.gov/rbac/.
14. E.J. Coyne and J.M. Davis, Role Engineering for Enterprise Security Management, Artech House, 2008.