A feature-based approach for modeling role-based access control systems

Journal of Systems and Software

Volumn 84, Issue 12, 2011, Pages 2035-2052

  Kim, Sangsig ^a   Kim, Dae Kyoo ^a   Lu, Lunjin ^a   Kim, Suntae ^b   Park, Sooyong ^c  

^a Oakland University   (United States)

^b Kangwon National University   (South Korea)

^c Sogang University   (South Korea)

Author keywords

Feature modeling; Role based access control; UML

Indexed keywords

ACCESS CONTROL MODELS; CONFIGURATION RULES; DESIGN PRINCIPLES; ENTERPRISE SYSTEM; FEATURE MODELING; FEATURE-BASED; ROLE-BASED ACCESS CONTROL; SYSTEM DEVELOPMENT; TOOL SUPPORT; UML; UML MODELING;

SEMANTICS;

ACCESS CONTROL;

EID: 80053564799     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2011.03.084     Document Type: Article

References (51)

1. M. Acher, P. Collet, P. Lahire, and R. France Composing feature models. Proceedings of the 2nd International Conference on Software Language Engineering (SLE'09) Denver, Colorado 2009 62 81
2. V. Alves, R. Gheyi, T. Massoni, U. Kulesza, P. Borba, and C. Lucena Refactoring product lines. Proceedings of the 5th international conference on Generative Programming and Component Engineering 2006 201 210 (Pubitemid 47168639)
3. M. Antkiewicz, and K. Czarnecki FeaturePlugin: feature modeling plug-in for eclipse. Proceedings of the Workshop on Eclipse Technology Exchange Vancouver, Canada 2004 67 72
4. Apel, S.; Grös̈linger, A.; Kästner, C.; Lengauer, C.; 2009. Type-safe Feature-oriented Product Lines. Technical Report MIP-0909, Department of Informatics and Mathematics, University of Passau.
5. D. Batory Feature models, grammars, and propositional formulas Proceedings of the International Software Product Line Conference (SPLC) 2005 7 20
6. Bell, D.E.; LaPadula, L.J.; July 1975. Secure Computer System: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997, MITRE Corporation, Bedford, MA.
7. E. Bertino, P. Bonatti, and E. Ferrari TRBAC: a temporal role-based access control model ACM Transactions on Information and Systems Security 4 3 2001 191 223
8. Biba, K.J.; 1977. Integrity Considerations for Secure Computer Systems. Technical Report ESD-TR-76-372, Bedford, MA. Air Force Electronic Systems Division.
9. A.F. Brady A taxonomy of inheritance semantics. Proceedings of the 7th International Workshop on Software Specification and Design Redondo Beach, California 1993 194 203
10. R. Chandramouli Application of XML tools for enterprise-wide RBAC implementation tasks. Proceedings of the 5th ACM Workshop on Role-based Access Control Berlin, Germany 2000
11. S. Clarke, and R. Walker Composition patterns: an approach to designing reusable aspects. Proceedings of the 23rd International Conference on Software Engineering Toronto, Canada 2001 5 14 (Pubitemid 32485633)
12. K. Czarnecki, and M. Antkiewicz Mapping features to models: a template approach based on superimposed variants. Proceedings of the 4th International Conference on Generative Programming and Component Engineering 2005 422 437
13. Czarnecki, K.; Kim, C.H.P.; 2005. Cardinality-based feature modeling and constraints: a progress report. In: Proceedings of International Workshop on Software Factories, San Diego, California. http://www.ece.uwaterloo.ca/kczarnec/ sf05.pdf.
14. K. Czarnecki, and A. Wasowski Feature diagrams and logics: there and back again. Proceedings of the 11th International Software Product Line Conference 2007 23 34
15. T. Doan, S. Demurjian, T. Ting, and C. Phillips RBAC/MAC security For UML. Proceedings of IFIP TC11/WG 11.3 Annual Conference on Data and Applications Security Catalonia, Spain 2004 189 202
16. D. Ferraiolo, and D.R. Kuhn Role-based access control. Proceedings of the NIST-NSA National (USA) Computer Security Conference 1992 554 563
17. D. Ferraiolo, D.R. Kuhn, and R. Chandramouli Role-Based Access Control 2nd edn 2007 Artech House
18. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, and R. Chandramouli Proposed NIST standard for role-based access control ACM Transactions on Information and Systems Security 4 3 2001 224 274
19. E. Gamma, R. Helm, R. Johnson, and J. Vlissides Design Patterns: Elements of Reusable Object-Oriented Software 1995 Addison-Wesley
20. R. Gheyi, T. Massoni, and P. Borba A theory for feature models in alloy. Proceedings of the 1st Alloy Workshop 2006 71 80
21. M.H. Harrison, W.L. Ruzzo, and J.D. Ullman Protection in operating systems Communications of the ACM 19 8 1976 461 471
22. He, Q.; 2003. Privacy Enforcement with an Extended Role-Based Access Control Model. Technical Report TR-2003-09, Computer Science Department, North Carolina State University, Raleigh, NC.
23. J. Jurjens UMLsec: extending UML for secure systems development. Proceedings of the 5th International Conference on the Unified Modeling Language Dresden, Germany 2002 412 425
24. Kang, K.; Cohen, S.; Hess, J.; Nowak, W.; Peterson, S.; 1990. Feature-Oriented Domain Analysis (FODA) Feasibility Study. Technical Report CMU/SEI-90TR-21, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania.
25. Kim, D.; Lu, L.; Kim, S.; June 2009. A Modeling Approach to Configurable Role-Based Access Control. Technical Report CSE-09-TR-0601, CSE Department, Oakland University, Rochester, MI.
26. D. Kim, L. Lu, and S. Kim A verifiable modeling approach to configurable role-based access control. Proceedings of the 13th Fundamental Approaches to Software Engineering (FASE/ETAPS) Paphos, Cyprus 2010 188 202
27. D. Kim, I. Ray, R. France, and N. Li Modeling role-based access control using parameterized UML models. Proceedings of the 7th Fundamental Approaches to Software Engineering (FASE/ETAPS) Barcelona, Spain 2004 180 193
28. S. Kim, D. Kim, L. Lu, and S. Park Quality-driven architecture development using architectural tactics Journal of Systems and Software 82 8 2009 1211 1231
29. J. Klein, F. Fleurey, and J. Jezequel Weaving multiple aspects in sequence diagrams Transactions on Aspect-Oriented Software Development 3 2007 167 199 (Pubitemid 351152727)
30. M. Kuhlemann, D. Batory, and C. Kästner Safe composition of non-monotonic features. Proceedings of the 8th International Conference on Generative Programming and Component Engineering Denver, Colorado 2009 177 186
31. A. Kumar, N.M. Karnik, and G. Chafle Context sensitivity in role-based access control ACM SIGPOS Operating Systems Review 36 3 2002 53 66 (Pubitemid 41107669)
32. T. Lodderstedt, D.A. Basin, and J. Doser SecureUML: a UML-based modeling language for model-driven security. Proceedings of the 5th International Conference on the Unified Modeling Language Dresden, Germany 2002 426 441
33. A. Metzger, P. Heymans, K. Pohl, P.-Y. Schobbens, and G. Saval Disambiguating the documentation of variability in software product lines: a separation of concerns, formalization and automated analysis Proceedings of the International Conference on Requirements Engineering 2007 243 253
34. G. Perrouin, J. Klein, N. Guelfi, and J.M. Jezequel Reconciling automation and flexibility in product derivation. Proceedings of the 12th International Software Product Line Conference 2008 339 348
35. T. Priebe, E.B. Fernandez, J.I. Mehlau, and G. Pernul A pattern system for access control. Proceedings of 18th Annual IFIP WG 11.3 Working Conference on Data and Application Security Sitges, Spain 2004 25 28
36. C. Ramaswamy, and R.S. Sandhu Role-based access control features in commercial database management systems. Proceedings of the 21st NIST-NCSC National Information Systems Security Conference Arlington, Virginia 1998
37. I. Ray, N. Li, R. France, and D. Kim Using UML to visualize role-based access control constraints. Proceedings of the 9th ACM Symposium on Access Control Models and Technologies (SACMAT) Yorktown Heights, USA 2004
38. I. Ray, N. Li, D. Kim, and R. France Using parameterized UML to specify and compose access control models. Proceedings of the 6th IFI TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS) Lausanne, Switzerland 2003
39. R. Reddy, A. Solberg, R. France, and S. Ghosh Composing sequence models using tags. Proceedings of Models Workshop on Aspect Oriented Modeling Genova, Italy 2006
40. F. Sanen, E. Truyen, and W. Joosen Mapping problem-space to solution-space features: a feature interaction approach. Proceedings of the 8th International Conference on Generative Programming and Component Engineering Denver, Colorado 2009 167 176
41. S. Segura, D. Benavides, A. Ruiz-Cortes, and P. Trinidad Automated merging of feature models using graph transformations R. Lammel, J. Visser, J. Saraiva, Generative and Transformational Techniques in Software Engineering II, LNCS, vol. 5235 2008 Springer Heidelberg 489 505
42. M. Shin, and G. Ahn UML-based representation of role-based access control. Proc. of the 9th IEEE International Workshops on Enabling Technologies Gaithersburg, Maryland 2000 195 200
43. E. Song, R. Reddy, R. France, I. Ray, G. Georg, and R. Alexander Verifiable composition of access control and application features. Proceedings of the 10th ACM Symposium on Access Control Models and Technologies Stockholm, Sweden 2005 120 129 (Pubitemid 43087468)
44. H. Störrle Semantics of interactions in UML 2.0 Proceedings of IEEE Symposium on Human Centric Computing Languages and Environments Auckland, New Zealand 2003 129 136
45. G. Straw, G. Georg, E. Song, S. Ghosh, R. France, and J. Bieman Model composition directives. Proceedings of the 7th International Conference on the UML Lisbon, Portugal 2004 84 97 (Pubitemid 39737629)
46. The Object Management Group (OMG), January 2002. XML Metadata Interchange. Version 1.2 Formal/2002-01-01, OMG. http://www.omg.org.
47. The Object Management Group (OMG), November 2007. Unified Modeling Language: Superstructure. Version 2.1.2 formal/07-11-02, OMG. http://www.omg.org.
48. E. Triantaphyllou, and S. Mann Using the analytic hierarchy process for decision making in engineering applications: some challenges International Journal of Industrial Engineering: Applications and Practice 2 1 1995 35 44
49. M. Voelter, and I. Groher Product line implementation using aspect-oriented and model-driven software development. Proceedings of the 11th International Software Product Line Conference 2007 233 242
50. J. Warmer, and A. Kleppe The Object Constraint Language Second Edition: Getting Your Models Ready for MDA 2003 Addison Wesley
51. D.L. Whitfield, and M.L. Soffa An approach for exploring code improving transformations ACM Transactions on Programming Languages and Systems 19 6 1997 1053 1084 (Pubitemid 127455643)