PL EN


Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników
Tytuł artykułu

Model driven architecture for modeling of logical security based on RBAC approach

Wybrane pełne teksty z tego czasopisma
Identyfikatory
Warianty tytułu
Języki publikacji
EN
Abstrakty
EN
This paper presents an approach of role-based access control (RBAC) for information systems with the use of MDA (Model Driven Architecture). The main purpose is to join the concepts of MDA approach with the concepts of access control models, in particular with the concepts of access control based on roles and on usage concept. To reach this objectives the appropriate solution was created to model the extended RBAC model and URBAC model with the use of concepts and tools of software engineering, in particular MDA methodology and UML (Unified Modeling Language). The presented approach was developed for role engineering in the aspects of logical security of information systems.
Rocznik
Strony
183--199
Opis fizyczny
Bibliogr. 19 poz.
Twórcy
  • Institute of Information Technology, Lodz University of Technology, Lodz, Wolczanska 215
Bibliografia
  • [1] Booch, G., Rumbaugh, J., and Jacobson, I., The Unified Modeling Language User Guide, Addison-Wesley, 2004.
  • [2] Group, T. O. M., OMG Unified Modeling Language (OMG UML): Superstructure, http://www.omg.org/technology/documents/formal/uml.htm, 2009.
  • [3] Castaro, S., Fugini, M., Martella, G., and Samarati, P., Database Security, Addison-Wesley, 1994.
  • [4] Dows, D., Rub, J., Kung, K., and Jordan, C., Issues in discretionary access control, In: Proc. of IEEE Symposium on Research in Security and Privacy, 1985.
  • [5] Sandhu, R. S. and Samarati, P., Access Control: Principles and Practice, IEEE Communication, Vol. 32, No. 9, 1994, pp. 40–48.
  • [6] Bertino, E., Bettini, C., and Samarati, P., A Temporal Access Control Mechanism for Database Systems, IEEE Transitions on Knowledge and Data Engineering, , No. 8(1), 1996.
  • [7] Bertino, E., Bonatti, P., and Ferrari, E., A Temporal Role-based Access Control Model, ACM Transaction on Information and System Security, , No. 4(3), 2001, pp. 191–233.
  • [8] Gal, A. and Atluri, V., An Authorization Model for Temporal Data, ACM Transaction on Information and System Security, , No. 5(1), 2002.
  • [9] James, B., Joshi, E., Bertino, U., Latif, A., and Ghafoo, A., A Generalized Temporal Role-Based Access Control Model, IEEE Transitions on Knowledge and Data Engineering, , No. 17(1), 2005, pp. 4–23.
  • [10] Park, J. and Sandhu, R., The UCON ABC Usage Control Model, ACM Transactions on Information and System Security, , No. 7, 2004.
  • [11] Park, J., Zhang, X., and Sandhu, R., Attribute Mutability in Usage Control, In: 18th IFIP WG 11.3 Working Conference on Data and Applications Security, 2004.
  • [12] Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E., Role-Based Access Control Models, IEEE Computer, Vol. 29, No. 2, 1996, pp. 38–47.
  • [13] Ferraiolo, D., Sandhu, R. S., Gavrila, S., Kuhn, D. R., and Chandramouli, R., Proposed NIST Role-Based Access Control, ACM, Transactions on Information and Systems Security (TISSEC), Vol. 4, No. 3, 2001.
  • [14] Poniszewska-Maranda, A., Goncalves, G., and Hemery, F., Representation of extended RBAC model using UML language, In: SOFSEM 2005, LNCS 3381, Publisher: Springer-Verlag Heidelberg, 2005.
  • [15] Goncalves, G. and Poniszewska-Maranda, A., Role engineering: from design to evaluation of security schemas, Journal of Systems and Software, Elsevier, Vol. 81, No. 8, 2008, pp. 1306–1326.
  • [16] Poniszewska-Maranda, A., Modeling and design of role engineering in development of access control for dynamic information systems, Bulletin of the Polish Academy of Sciences, Technical Science, Vol. 61, No. 3, 2013.
  • [17] Jin, X., Applying Model Driven Architecture approach to Model Role Based Access Control System, Ph.D. thesis, Canada, 2006.
  • [18] Krause, L., eXtensible Access Control Markup Language (XACML) what is it and why is it important? http://codingbliss.com/?p=161.
  • [19] Niemiec, J., Morawiec, M., Ber, J., Drozy´nski, D., and Wcislo, M., MDA (Model Driven Architecture) for modeling of access control of information system based on eRBAC model, Tech. rep., Supervisor: A. PoniszewskaMarańda, Institute of Information Technology, Lodz University of Technology, 2012.
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-6b279203-1db5-44e7-9d10-85ef98ee80e6
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.