一种基于特征的混合门禁系统建模方法

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement Pub Date : 2011-06-27 DOI:10.1109/SSIRI.2011.16

Sangsig Kim, Dae-Kyoo Kim, Lunjin Lu, S. Park, Suntae Kim

{"title":"一种基于特征的混合门禁系统建模方法","authors":"Sangsig Kim, Dae-Kyoo Kim, Lunjin Lu, S. Park, Suntae Kim","doi":"10.1109/SSIRI.2011.16","DOIUrl":null,"url":null,"abstract":"Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A Feature-Based Modeling Approach for Building Hybrid Access Control Systems\",\"authors\":\"Sangsig Kim, Dae-Kyoo Kim, Lunjin Lu, S. Park, Suntae Kim\",\"doi\":\"10.1109/SSIRI.2011.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.\",\"PeriodicalId\":224250,\"journal\":{\"name\":\"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SSIRI.2011.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

基于角色的访问控制(RBAC)和强制访问控制(MAC)是目前应用最广泛的访问控制模型。它们经常在涉及数据完整性和信息流的领域中一起使用。有很多工作是关于在内核级别结合使用RBAC和MAC策略的，重点是在运行时执行混合策略。然而，从开发的角度对RBAC和MAC混合系统的开发技术研究很少。在这项工作中，我们提出了一种基于特征的建模方法来开发混合访问控制系统。在该方法中，RBAC和MAC是根据特性进行设计的，特性是根据需求进行配置的。然后组合已配置的特性以生成支持混合访问控制的设计模型。该方法实现了RBAC和MAC混合系统的系统开发，并通过在早期开发阶段基于需求的特性配置降低了开发的复杂性和错误。我们用一个医院系统来演示这种方法。对该方法的工具支持也进行了讨论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Feature-Based Modeling Approach for Building Hybrid Access Control Systems

Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

自引率

0.00%

发文量