A Verifiable Modeling Approach to Configurable Role-Based Access Control

Role-based access control (RBAC) is a popular access control model for enterprise systems because of its economic benefit and scalability. Many RBAC features are available, each serving a different purpose, and not every RBAC system needs all of them. Depending on the requirements, one should be able to configure RBAC by selecting only the features those requirements call for. However, suitable methods for configuring RBAC at the feature level have been lacking. This paper proposes an approach to systematic RBAC configuration that combines feature modeling with UML modeling. The approach consists of feature modeling and design principles for specifying and verifying RBAC features, together with a composition method for building a configured RBAC. We demonstrate the approach by building an RBAC configuration for a bank application.
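The following Python sketch is an added illustration of feature-level RBAC configuration in the spirit of the abstract; it is not the paper's own code or models. A feature model with requires-constraints is validated first, and only the selected features (role hierarchy, static separation of duty) are composed into the access checker for a constructed bank scenario. Feature names follow the NIST RBAC components; the rules, roles and permissions are assumptions.

```python
# Added example, not the paper's code. Feature names follow the NIST RBAC
# components (core, hierarchy, ssd); requires-rules and bank data are constructed.
from dataclasses import dataclass, field

REQUIRES = {"core": set(), "hierarchy": {"core"}, "ssd": {"core"}}
MANDATORY = {"core"}

def validate_config(selected):
    """Feature-model check: return every unmet constraint (empty list == valid)."""
    errors = [f"mandatory feature missing: {f}" for f in MANDATORY - selected]
    errors += [f"unknown feature: {f}" for f in selected - set(REQUIRES)]
    for f in selected:
        errors += [f"{f} requires {d}" for d in REQUIRES.get(f, set()) - selected]
    return errors

@dataclass
class ConfiguredRBAC:
    """Composed RBAC: an optional feature's behaviour is wired in only if selected."""
    features: set
    perms: dict                                      # role -> permissions
    juniors: dict = field(default_factory=dict)      # role -> roles it inherits from
    ssd: list = field(default_factory=list)          # mutually exclusive role pairs
    assignments: dict = field(default_factory=dict)  # user -> assigned roles

    def assign(self, user, role):
        """User-role assignment; the SSD constraint is enforced only if selected."""
        held = self.assignments.setdefault(user, set())
        if "ssd" in self.features and any({a, b} <= held | {role} for a, b in self.ssd):
            raise ValueError(f"SSD violation: {user} cannot hold {role}")
        held.add(role)

    def effective_perms(self, role, seen=frozenset()):
        """Permissions of a role; inheritance is composed in only with hierarchy."""
        if role in seen:                             # guard against a cyclic hierarchy
            return set()
        result = set(self.perms.get(role, ()))
        if "hierarchy" in self.features:
            for junior in self.juniors.get(role, ()):
                result |= self.effective_perms(junior, seen | {role})
        return result

    def check_access(self, user, perm):
        return any(perm in self.effective_perms(r) for r in self.assignments.get(user, ()))

def bank_rbac(features):
    """Bank configuration: manager inherits from teller; teller and auditor are SSD."""
    if errors := validate_config(features):
        raise ValueError(errors)
    perms = {"teller": {"deposit"}, "manager": {"approve_loan"}, "auditor": {"read_ledger"}}
    return ConfiguredRBAC(features, perms, {"manager": {"teller"}}, [("teller", "auditor")])
```

The same role and permission data yields different authorization behaviour depending on which features were selected, which is the configuration decision the abstract describes.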
