Skip to main content
SpringerLink
Log in

HyDRo – Hybrid Development of Roles

  • Conference paper
Information Systems Security (ICISS 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5352))

Included in the following conference series:

Abstract

Defining valid enterprise-wide roles needs to be carried out on the basis of a predefined Role Development Methodology. Hybrid role development combining elements from Role Engineering and Role Mining is the most promising way to define enterprise-wide roles, however no such model has been published yet. We close this gap by analysing existing approaches and proposing HyDRo, a tool-supported methodology that facilitates existing identity information and access rights without neglecting the importance of information like managers’ knowledge about their employees.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ferraiolo, D.F., Kuhn, R.D., Chandramouli, R.: Role-Based Access Control. Artech House, Boston (2007)

    MATH  Google Scholar 

  2. Larsson, E.A.: A case study: Implementing Novell Identity Management at Drew University. In: Proc. of the 33rd annual ACM SIGUCCS conference on User services (SIGUCCS 2005), pp. 165–170. ACM, New York (2005)

    Chapter  Google Scholar 

  3. Dhillon, G.: Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns. Computers & Security 20(2), 165–172 (2001)

    Article  Google Scholar 

  4. Fuchs, L., Pernul, G.: Supporting Compliant and Secure User Handling – a Structured Approach for In-house Identity Management. In: Proc. of the 2nd Int. Conference on Availability, Reliability and Security (ARES 2007), pp. 374–384. IEEE Computer Society, Los Alamitos (2007)

    Chapter  Google Scholar 

  5. Gallaher, M.P., O’Connor, A.C., Kropp, B.: The economic impact of role-based access control. Planning report 02-1, National Institute of Standards and Technology, Gaithersburg, MD (2002), http://www.nist.gov/director/prog-ofc/report02-1.pdf

  6. Epstein, P., Sandhu, R.: Engineering of Role/Permission Assignments. In: Proc. of the 17th Annual Computer Security Applications Conference (ACSAC 2001). IEEE Computer Society, Washington (2001)

    Google Scholar 

  7. Vaidya, J., Atluri, V., Guo, Q.: The role mining problem: finding a minimal descriptive set of roles. In: Proc. of the 12th ACM Symp. on Access Control Models and Technologies (SACMAT 2007), pp. 175–184. ACM, New York (2007)

    Chapter  Google Scholar 

  8. Roeckle, H., Schimpf, G., Weidinger, R.: Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In: Proc. of the 5th ACM workshop on Role-based access control, pp. 103–110. ACM, New York (2000)

    Chapter  Google Scholar 

  9. Crook, R., Ince, D., Nuseibeh, B.: Towards an Analytical Role Modelling Framework for Security Requirements (2002), http://mcs.open.ac.uk/ban25/papers/refsq02.pdf

  10. Colantonio, A., Di Pietro, R., Ocello, A.: Leveraging Lattices to Improve Role Mining. In: Proc. of the 23rd Int. Information Security Conference (SEC 2008) (2008)

    Google Scholar 

  11. Fuchs, L., Pernul, G.: proROLE: A Process-oriented Lifecycle Model for Role Systems. In: Proc. of the 16th European Conference on Information Systems (ECIS), Galway, Ireland (2008)

    Google Scholar 

  12. Shin, D., Ahn, G., Cho, S., Jin, S.: On modeling system-centric information for role engineering. In: Proc. of the 8th ACM Symp. on Access Control Models and Technologies (SACMAT 2003), pp. 169–178. ACM, New York (2003)

    Google Scholar 

  13. Coyne, E.J.: Role Engineering. In: Proc. of the 1st ACM Workshop on Role-based access control. ACM, New York (1996)

    Google Scholar 

  14. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 39–47 (1996)

    Article  Google Scholar 

  15. Sadahiro, I.: A Critique of UML’s Definition of the Use-Case Class. In: Stevens, P., Whittle, J., Booch, G. (eds.) UML 2003. LNCS, vol. 2863, pp. 280–294. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. Neumann, G., Strembeck, M.: A scenario-driven role engineering process for functional RBAC roles. In: Proc. of the 7th ACM Symp. on Access Control Models and Technologies, pp. 33–42. ACM, New York (2002)

    Google Scholar 

  17. Strembeck, M.: A Role Engineering Tool for Role-Based Access Control. In: Proc. of the Symp. on Requirements Engineering for Information Security (SREIS), Paris, France (2005)

    Google Scholar 

  18. Mendling, J., Strembeck, M., Stermsek, G., Neumann, G.: An Approach to Extract RBAC Models from BPEL4WS Processes. In: Proc. of the 13th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), pp. 81–86. IEEE Computer Society, Washington (2004)

    Chapter  Google Scholar 

  19. Schlegelmilch, J., Steffens, U.: Role mining with ORCA. In: Proc. of the 10th ACM Symp. on Access Control Models and Technologies (SACMAT 2005), pp. 168–176. ACM, New York (2005)

    Google Scholar 

  20. Kuhlmann, M., Shohat, D., Schimpf, G.: Role mining - revealing business roles for security administration using data mining technology. In: Proc. of the 8th ACM Symp. on Access Control Models and Technologies (SACMAT 2003), pp. 179–186. ACM, New York (2003)

    Google Scholar 

  21. Kern, A., Kuhlmann, M., Schaad, A., Moffett, J.: Observations on the role life-cycle in the context of enterprise security management. In: Proc. of the 7th ACM Symp. on Access Control Models and Technologies (SACMAT 2002), pp. 43–51. ACM, New York (2002)

    Google Scholar 

  22. Vaidya, J., Atluri, V., Warner, J.: RoleMiner: mining roles using subset enumeration. In: Proc. of the 13th ACM Conf. on Computer and Communications Security (CCS 2006), pp. 144–153. ACM, New York (2006)

    Google Scholar 

  23. Colantonio, A., Di Pietro, R., Ocello, A.: A cost-driven approach to role engineering. In: Proc. of the 2008 ACM Symp. on Applied Computing, pp. 2129–2136. ACM, New York (2008)

    Chapter  Google Scholar 

  24. Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E., Calo, S., Lobo, J.: Mining roles with semantic meanings. In: Proc. of the 13th ACM Symp. on Access Control Models and Technologies (SACMAT 2008). ACM, New York (2008)

    Google Scholar 

  25. Vaidya, J., Atluri, V., Guo, Q., Adam, N.: Migrating to optimal RBAC with minimal perturbation. In: Proc. of the 13th ACM Symp. on Access Control Models and Technologies (SACMAT 2008). ACM, New York (2008)

    Google Scholar 

  26. Braun, C., Wortmann, F., Hafner, M., Winter, R.: Method Construction – A Core Approach to Organizational Engineering. In: Proc. of the 2005 ACM Symposium on Applied Computing, pp. 1295–1299. ACM, New York (2005)

    Chapter  Google Scholar 

  27. Gutzwiller, T.: Das CC RIM-Referenzmodell für den Entwurf von betrieblichen, transaktionsorientierten Informationssystemen. Physica-Verlag, Heidelberg (1994)

    Book  Google Scholar 

  28. Brinkkemper, S.: Method engineering: engineering of information systems development methods and tools. Information and Software Technology 38, 275–280 (1996)

    Article  Google Scholar 

  29. Fuchs, L., Preis, A.: BusiROLE: A Model for Integrating Business Roles into Identity Management. In: Proc of the 5th Int. Conference on Trust, Privacy, and Security in Digital Business (TrustBus), Torino, Italy (2008)

    Google Scholar 

  30. Kohonen, T.: Self-Organizing Maps. Springer, Berlin (2001)

    Book  MATH  Google Scholar 

  31. The SOMLib Digital Library Project, Information & Software Engineering Group, Vienna University of Technology, http://www.ifs.tuwien.ac.at/~andi/somlib/index.html

  32. Pries-Heje, J., Baskerville, R., Venable, J.: Strategies for Design Science Research Evaluation. In: Proc. of the 16th European Conference on Information Systems (ECIS), Galway, Ireland (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Systems, University of Regensburg, 93053, Regensburg, Germany

    Ludwig Fuchs & Günther Pernul

Authors
  1. Ludwig Fuchs
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Günther Pernul
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Stony Brook University, NY 11794-4400, Stony Brook, USA

    R. Sekar

  2. Department of Computer and Information Sciences, University of Hyderabad, 500 046, Hyderabad, India

    Arun K. Pujari

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fuchs, L., Pernul, G. (2008). HyDRo – Hybrid Development of Roles. In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-89862-7_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89861-0

  • Online ISBN: 978-3-540-89862-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation