Implementing Advanced RBAC Administration Functionality with USE

Authors

  • Tanveer Mustafa
  • Karsten Sohr
  • Duc-Hanh Dang
  • Michael Drouineaud
  • Stefan Kowski

DOI:

https://doi.org/10.14279/tuj.eceasst.15.177

Abstract

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future.

Downloads

Published

2008-12-01

How to Cite

[1]
T. Mustafa, K. Sohr, D.-H. Dang, M. Drouineaud, and S. Kowski, “Implementing Advanced RBAC Administration Functionality with USE”, eceasst, vol. 15, Dec. 2008.

Issue

Vol. 15 (2008): OCL Concepts and Tools 2008

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.