UML Representation of Extended Role-Based Access Control Model with the Use of Usage Control Concept

  • Aneta Poniszewska-Maranda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


This paper presents an extension of the role-based access control model that uses the usage control concept, together with its representation in the Unified Modeling Language (UML). The presented model is developed for role engineering in the security of information systems. The presented implementation of the URBAC (Usage Role-Based Access Control) model consists of creating security profiles for the users of an information system.


Keywords (added by machine, not by the authors): Access Control; Sequence Diagram; Access Control Policy; Access Control Model; Case Diagram



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Aneta Poniszewska-Maranda, Institute of Information Technology, Technical University of Lodz, Poland
