Role engineering of information system using extended RBAC model

14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05) Pub Date : 2005-06-13 DOI:10.1109/WETICE.2005.50

A. Poniszewska-Marańda

{"title":"Role engineering of information system using extended RBAC model","authors":"A. Poniszewska-Marańda","doi":"10.1109/WETICE.2005.50","DOIUrl":null,"url":null,"abstract":"The role-based access control (RBAC) model is one of the policies used to access control in information systems for enterprises. The RBAC model is a powerful technology for managing and enforcing security in large-scale, enterprise-wide systems. Many implementations of this model, including the RBAC96 model, have been already proposed. This paper presents an extension of the standard RBAC model together with its implementation using the Unified Modeling Language (UML). The presented model is developed for the role engineering in the security of information system. In the paper, the union of the RBAC model, which controls access in the information system, and the UML language, i.e. a unified method of object analysis and design, is proposed. The presented approach of the RBAC model consists in role creation via defining appropriate permissions. The entire procedure is performed in two stages; first permissions assigned to a function are defined, and then definitions of functions assigned to a particular role are provided.","PeriodicalId":128074,"journal":{"name":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2005.50","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

The role-based access control (RBAC) model is one of the policies used to access control in information systems for enterprises. The RBAC model is a powerful technology for managing and enforcing security in large-scale, enterprise-wide systems. Many implementations of this model, including the RBAC96 model, have been already proposed. This paper presents an extension of the standard RBAC model together with its implementation using the Unified Modeling Language (UML). The presented model is developed for the role engineering in the security of information system. In the paper, the union of the RBAC model, which controls access in the information system, and the UML language, i.e. a unified method of object analysis and design, is proposed. The presented approach of the RBAC model consists in role creation via defining appropriate permissions. The entire procedure is performed in two stages; first permissions assigned to a function are defined, and then definitions of functions assigned to a particular role are provided.

查看原文本刊更多论文

基于扩展RBAC模型的信息系统角色工程

基于角色的访问控制(RBAC)模型是企业信息系统中用于访问控制的策略之一。RBAC模型是一种强大的技术，用于在大型企业范围的系统中管理和实施安全性。该模型的许多实现，包括RBAC96模型，已经被提出。本文提出了标准RBAC模型的扩展及其使用统一建模语言(UML)的实现。该模型是针对信息系统安全中的角色工程而开发的。本文提出了信息系统中控制访问的RBAC模型与UML语言的结合，即统一的对象分析和设计方法。RBAC模型提出的方法包括通过定义适当的权限来创建角色。整个过程分两个阶段进行;首先定义分配给功能的权限，然后提供分配给特定角色的功能的定义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)

自引率

0.00%

发文量