Abstract
Defining valid enterprise-wide roles must be carried out on the basis of a predefined Role Development Methodology. Hybrid role development, which combines elements of Role Engineering (top-down, driven by business knowledge) and Role Mining (bottom-up, driven by existing access-right data), is the most promising way to define enterprise-wide roles; however, no such model has been published so far. We close this gap by analysing existing approaches and proposing HyDRo, a tool-supported methodology that makes use of existing identity information and access rights without neglecting the importance of information such as managers' knowledge about their employees.
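To make the hybrid idea concrete, the following is an added illustration and not the HyDRo method or its tool: candidate roles are mined bottom-up from a user-permission matrix, each candidate is then checked top-down against an identity attribute that managers own (here a department), and candidates that fail the check are routed for review rather than silently accepted. The sample users, permissions, departments, the department-purity rule and all function names are assumptions made for this example.

```python
"""Toy hybrid role development (illustration only, not HyDRo's algorithm).

Step 1 (role mining, bottom-up): group users by identical permission set.
Step 2 (role engineering, top-down): accept a candidate only if it is shared
        by several users who all belong to the same department; everything
        else goes to a manager review queue.
Step 3: hint at a role hierarchy where one candidate's permissions are a
        strict subset of another's.
"""
from collections import defaultdict
from itertools import permutations

# Constructed sample identity data (top-down knowledge): user -> department.
DEPARTMENTS = {
    "alice": "finance", "bob": "finance", "carol": "finance", "heidi": "finance",
    "dave": "hr", "erin": "hr",
    "frank": "it", "grace": "it",
}

# Constructed sample access rights (bottom-up data): user -> permissions.
ASSIGNMENTS = {
    "alice": {"erp.read", "erp.post_journal", "mail"},
    "bob":   {"erp.read", "erp.post_journal", "mail"},
    "carol": {"erp.read", "mail"},
    "dave":  {"hris.read", "hris.edit", "mail"},
    "erin":  {"hris.read", "hris.edit", "mail"},
    "frank": {"admin.root", "mail", "erp.read"},
    "grace": {"admin.root", "mail"},
    "heidi": {"erp.read", "erp.post_journal", "mail", "hris.read"},  # outlier
}


def mine_candidate_roles(assignments):
    """Bottom-up role mining by exact permission-set match.

    Returns a list of (permissions, users) pairs, both frozensets, with the
    most widely shared permission sets first.  Singleton sets are kept so
    the caller can flag them instead of losing them.
    """
    groups = defaultdict(set)
    for user, perms in assignments.items():
        groups[frozenset(perms)].add(user)
    return sorted(((p, frozenset(u)) for p, u in groups.items()),
                  key=lambda t: (-len(t[1]), sorted(t[0])))


def validate_with_departments(candidates, departments, min_users=2):
    """Top-down check of mined candidates against the org structure.

    A candidate is accepted when at least `min_users` users share it and all
    of them sit in one department (assumed purity rule).  Others are put in
    a review list together with the departments involved, so a manager can
    decide whether the access is legitimate.
    """
    accepted, review = [], []
    for perms, users in candidates:
        depts = {departments[u] for u in users}
        entry = {"permissions": set(perms), "users": set(users)}
        if len(users) >= min_users and len(depts) == 1:
            entry["department"] = next(iter(depts))
            accepted.append(entry)
        else:
            entry["departments"] = depts
            review.append(entry)
    return accepted, review


def hierarchy_hints(candidates):
    """Pairs (junior_perms, senior_perms) where junior is a strict subset of
    senior; these are places where a role hierarchy could replace two roles."""
    perm_sets = [p for p, _ in candidates]
    return [(a, b) for a, b in permutations(perm_sets, 2) if a < b]


if __name__ == "__main__":
    cands = mine_candidate_roles(ASSIGNMENTS)
    ok, todo = validate_with_departments(cands, DEPARTMENTS)
    for role in ok:
        print("accepted", role["department"], sorted(role["permissions"]), sorted(role["users"]))
    for role in todo:
        print("review  ", sorted(role["departments"]), sorted(role["permissions"]), sorted(role["users"]))
    for junior, senior in hierarchy_hints(cands):
        print("hierarchy hint:", sorted(junior), "<", sorted(senior))
```

Run as a script the block prints the two accepted roles (finance, hr), four review items including the outlier user whose rights span two departments' systems, and the subset relations that suggest a hierarchy. In a real programme the review list is exactly the point where managers' knowledge enters; the mined data alone cannot tell whether the outlier is an error or a legitimate dual assignment.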
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Fuchs, L., Pernul, G. (2008). HyDRo – Hybrid Development of Roles. In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_24
DOI: https://doi.org/10.1007/978-3-540-89862-7_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89861-0
Online ISBN: 978-3-540-89862-7