论文信息 - An RBAC Model-Based Approach to Specify the Access Policies of Web-Based Emergency Information Systems

An RBAC Model-Based Approach to Specify the Access Policies of Web-Based Emergency Information Systems

One of the main design challenges of any Web-based Emergency Management Information System (WEMIS) is the diversity of users and responsibilities to be considered. Modelling the access capabilities of different communities of users is a most relevant concern for which the RBAC (Role-Based Access Control) paradigm provides flexible and powerful constructs. In this paper we describe how we used an RBAC model-based approach to specify at different levels of abstraction the access policy of a specific WEMIS called ARCE ("Aplicacion en Red para Casos de Emergencia"). This approach made possible to face access modelling at earlier development stages, so that stakeholders got involved in analytical and empirical evaluations to test the correctness and completeness of the access policy. Moreover, since the RBAC meta-model is embedded into a web engineering method, we put in practice a holistic process addressing different design perspectives in an integrated way.

Daniel Sanz | Ignacio Aedo | Paloma Díaz

[1] Fivos Panetsos,et al. Modeling the Dynamic Behavior of Hypermedia Applications , 2001, IEEE Trans. Software Eng..

[2] Michael P. Gallaher,et al. Planning Report 02-1: The Economic Impact of Role-Based Access Control | NIST , 2002 .

[3] Jan Jürjens,et al. UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[4] MengChu Zhou,et al. Role-based collaboration and its kernel mechanisms , 2006, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[5] M. Koch,et al. Integrating Security Policy Design into the Software Development Process Technical Report B – 01 – 06 , 2001 .

[6] Ian Clark. An Introduction to Role-Based Access Control , 2007, Information Security Management Handbook, 6th ed..

[7] Paloma Díaz,et al. A methodological approach for hypermedia security modeling , 2003, Inf. Softw. Technol..

[8] Daniel Sanz,et al. Integrating Access Policies into the Development Process of Hypermedia Web Systems , 2006 .

[9] Premkumar T. Devanbu,et al. Software engineering for security: a roadmap , 2000, ICSE '00.

[10] Paloma Díaz,et al. Modelling hypermedia and web applications: the Ariadne Development Method, , 2005, Inf. Syst..

[11] M. Gallaher,et al. The Economic Impact of Role-Based Access Control , 2002 .

[12] Xiang Yao,et al. The Design of a Dynamic Emergency Response Management Information System (DERMIS) , 2004 .