Abstract
This paper presents an extension of role-based access control model with the use of usage control concept together with its representation using the Unified Modeling Language (UML). The presented model is developed for role engineering in the security of information system. The presented implementation of URBAC (Usage Role-Based Access Control) model consists in creation of security profiles for the users of information system.
Keywords
- Access Control
- Sequence Diagram
- Access Control Policy
- Access Control Model
- Case Diagram
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download conference paper PDF
References
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Ferraiolo, D., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST Role-Based Access control. ACM TISSEC (2001)
Booch, G., Rumbaugh, J., Jacobson, I.: The Unified Modeling Language User Guide. Addison-Wesley (2004)
OMG Unified Modeling Language (OMG UML): Superstructure, Version 2.2, The Object Management Group (February 2009), http://www.omg.org/technology/documents/formal/uml.htm
Ahn, G.-J., Sandhu, R.S.: Role-based Authorization Constraints Specification. ACM Transactions on Information and Systems Security (2000)
Park, J., Zhang, X., Sandhu, R.: Attribute Mutability in Usage Control. In: 18th IFIP WG 11.3 Working Conference on Data and Applications Security (2004)
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: A survey. Computer Science Review 4(2), 81–99 (2010)
Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Communications of the ACM 49(9) (September 2006)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal Model and Policy Specification of Usage Control. ACM TISSEC 8(4), 351–387 (2005)
Poniszewska-Maranda, A., Goncalves, G., Hemery, F.: Representation of Extended RBAC Model Using UML Language. In: Vojtáš, P., Bieliková, M., Charron-Bost, B., Sýkora, O. (eds.) SOFSEM 2005. LNCS, vol. 3381, pp. 413–417. Springer, Heidelberg (2005)
Poniszewska-Marańda, A.: Access Control Coherence of Information Systems Based on Security Constraints. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 412–425. Springer, Heidelberg (2006)
Goncalves, G., Poniszewska-Maranda, A.: Role engineering: from design to evaluation of security schemas. Journal of Systems and Software 81(8), 1306–1326 (2008)
Poniszewska-Maranda, A.: Conception Approach of Access Control in Heterogeneous Information Systems using UML. Journal of Telecommunication Systems 45(2-3), 177–190 (2010)
Strembeck, M., Neumann, G.: An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments. ACM Trans. Information and System Security 7(3), 392–427 (2004)
Castaro, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison-Wesley (1994)
Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security (TISSEC) 2(1) (February 1999)
Dows, D., Rub, J., Kung, K., Jordan, C.: Issues in discretionary access control. In: Proc. of IEEE Symposium on Research in Security and Privacy, pp. 208–218 (1985)
Bertino, E., Bettini, C., Samarati, P.: Temporal Access Control Mechanism for Database Systems. IEEE Trans. on Knowledge and Data Engineering (8) (1996)
Bertino, E., Bonatti, P., Ferrari, E.: A Temporal Role-based Access Control Model. ACM Trans. on Information and System Security 4(3), 191–233 (2001)
Gal, A., Atluri, V.: An Authorization Model for Temporal Data. ACM Transaction on Information and System Security 5(1) (2002)
James, B., Joshi, E., Bertino, U., Latif, A., Ghafoo, A.: A Generalized Temporal Role-Based Access Control Model. IEEE Transitions on Knowledge and Data Engineerin 17(1), 4–23 (2005)
Poniszewska-Maranda, A.: Implementation of Access Control Model for Distributed Information Systems Using Usage Control. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds.) SIIS 2011. LNCS, vol. 7053, pp. 54–67. Springer, Heidelberg (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Poniszewska-Maranda, A. (2012). UML Representation of Extended Role-Based Access Control Model with the Use of Usage Control Concept. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds) Multidisciplinary Research and Practice for Information Systems. CD-ARES 2012. Lecture Notes in Computer Science, vol 7465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32498-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-32498-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32497-0
Online ISBN: 978-3-642-32498-7
eBook Packages: Computer ScienceComputer Science (R0)
