Access Control Management Using Extended RBAC Model
The protection of data in information systems against improper disclosure or modification is an important requirement of each system. Nowadays the information systems of enterprises are more and more open, more information is easy accessible for the users, so it is important to better protect the confidential information. The paper presents a software tool for managing the security of enterprise information system on the access control level from the point of view of security administrator. The security administrator who is responsible for information system security will obtain a tool that facilitate the management of one of security aspects, namely the management of access control of users to data stored in a system. However, the application developers can also use such tool to define the access control rules for application elements created on the conception level.
KeywordsAccess Control Security Policy Access Control Policy Access Control Model Information System Security
Unable to display preview. Download preview PDF.
- 1.Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. ACM Press, Addison-Wesley (1994)Google Scholar
- 2.Sandhu, R., Munawer, Q.: How to do Discretionary Access Control Using Roles. In: Proceeding of 3rd ACM Workshop on Role-Based Access Control (1998)Google Scholar
- 3.Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST Role-Based Access Control. ACM Transactions on Information and Systems Security TISSEC 4(3) (2001)Google Scholar
- 4.Goncalves, G., Poniszewska-Maranda, A.: Role engineering: from design to evaluation of security schemas. Journal of Systems and Software 81 (2008)Google Scholar
- 6.Poniszewska-Marańda, A.: Conception Approach of Access Control in Heterogeneous Information Systems using UML. Journal of Telecommunication Systems 44 (2010)Google Scholar