ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A scenario-driven role engineering process for functional RBAC roles
Full text PdfPdf (172 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the seventh ACM symposium on Access control models and technologies table of contents
Monterey, California, USA
SESSION: Role Engineering table of contents
Pages: 33 - 42  
Year of Publication: 2002
ISBN:1-58113-496-7
Authors
Gustaf Neumann  Vienna University of Economics and BA, Austria
Mark Strembeck  Vienna University of Economics and BA, Austria
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 89,   Citation Count: 21
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/507711.507717
What is a DOI?

ABSTRACT

In this paper we present a novel scenario-driven role engineering process for RBAC roles. The scenario concept is of central significance for the presented approach. Due to the strong human factor in role engineering scenarios are a good means to drive the process. We use scenarios to derive permissions and to define tasks. Our approach considers changeability issues and enables the straightforward incorporation of changes into affected models. Finally we discuss the experiences we gained by applying the scenario-driven role engineering process in three case studies.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Grady Booch , James Rumbaugh , Ivar Jacobson, The Unified Modeling Language user guide, Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, 1999
 
2
John M. Carroll, Five Reasons for Scenario-Based Design, Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences-Volume 3, p.3051, January 05-08, 1999
3
Edward J. Coyne, Role engineering, Proceedings of the first ACM Workshop on Role-based access control, p.4-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270159]
 
4
John M. Carroll, Scenario-based design: envisioning work and technology in system development, John Wiley & Sons, Inc., New York, NY, 1995
5
Pete Epstein , Ravi Sandhu, Towards a UML based approach to role engineering, Proceedings of the fourth ACM workshop on Role-based access control, p.135-143, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319184]
 
6
P. Epstein , R. Sandhu, Engineering of Role/Permission Assignments, Proceedings of the 17th Annual Computer Security Applications Conference, p.127, December 10-14, 2001
7
E. B. Fernandez , J. C. Hawkins, Determining role rights from use cases, Proceedings of the second ACM workshop on Role-based access control, p.121-125, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266767]
8
David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999  [doi>10.1145/300830.300834]
9
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
10
Cheh Goh , Adrian Baldwin, Towards a more complete model of role, Proceedings of the third ACM workshop on Role-based access control, p.55-62, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286898]
 
11
O. Gotel and A. Finkelstein. An analysis of the requirements traceability problem. In Proc. of the IEEE International Conference on Requirements Engineering (ICRE), 1994.
 
12
Kurt Gutzmann, Access Control and Session Management in the HTTP Environment, IEEE Internet Computing, v.5 n.1, p.26-35, January 2001  [doi>10.1109/4236.895139]
13
Ivar Jacobson, Object-oriented software engineering, ACM Press, New York, NY, 1991
 
14
M. Jarke, X.T. Bui, and J.M. Carroll. Scenario management: An interdisciplinary approach. Requirements Engineering Journal, 3(3/4), 1998.
 
15
Cem Kaner , Jack L. Falk , Hung Quoc Nguyen, Testing Computer Software, Second Edition, John Wiley & Sons, Inc., New York, NY, 1999
 
16
Ian Sommerville , Gerald Kontonya , Gerald Kotonya, Requirements Engineering: Processes and Techniques, John Wiley & Sons, Inc., New York, NY, 1998
17
Gustaf Neumann , Mark Strembeck, Design and implementation of a flexible RBAC-service in an object-oriented scripting language, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.501992]
 
18
William Perry, Effective methods for software testing, Wiley-QED Publishing, Somerset, NJ, 1995
 
19
Balasubramaniam Ramesh , Matthias Jarke, Toward Reference Models for Requirements Traceability, IEEE Transactions on Software Engineering, v.27 n.1, p.58-93, January 2001  [doi>10.1109/32.895989]
 
20
Suzanne Robertson , James Robertson, Mastering the requirements process, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1999
21
Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
 
22
Colette Rolland , Georges Grosz , Régis Kla, Experience with Goal-Scenario Coupling in Requirements Engineering, Proceedings of the 4th IEEE International Symposium on Requirements Engineering, p.74, June 07-11, 1999
 
23
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
24
The UNIVERSAL Brokerage Platform Homepage. http://www.ist-universal.org.
 
25
Axel van Lamsweerde, Goal-Oriented Requirements Engineering: A Guided Tour, Proceedings of the 5th IEEE International Symposium on Requirements Engineering, p.249, August 27-31, 2001

CITED BY  21
Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, On modeling system-centric information for role engineering, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, A role administration system in role-based authorization infrastructures: design and implementation, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
Jürgen Schlegelmilch , Ulrike Steffens, Role mining with ORCA, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
William Claycomb , Dongwan Shin, Mobile-driven architecture for managing enterprise security policies, Proceedings of the 44th annual southeast regional conference, March 10-12, 2006, Melbourne, Florida
Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello, A cost-driven approach to role engineering, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Mario Frank , David Basin , Joachim M. Buhmann, A class of probabilistic models for role engineering, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Nabil Adam, Migrating to optimal RBAC with minimal perturbation, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Vijay Atluri, Panel on role engineering, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Ian Molloy , Hong Chen , Tiancheng Li , Qihua Wang , Ninghui Li , Elisa Bertino , Seraphin Calo , Jorge Lobo, Mining roles with semantic meanings, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Gilles Goncalves , Aneta Poniszewska-Maranda, Role engineering: From design to evolution of security schemes, Journal of Systems and Software, v.81 n.8, p.1306-1326, August, 2008
Paolo Guarda , Nicola Zannone, Towards the development of privacy-aware systems, Information and Software Technology, v.51 n.2, p.337-350, February, 2009
Ian Molloy , Ninghui Li , Tiancheng Li , Ziqing Mao , Qihua Wang , Jorge Lobo, Evaluating role mining algorithms, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Qingfeng He , Annie I. Antón, Requirements-based Access Control Analysis and Policy Specification (ReCAPS), Information and Software Technology, v.51 n.6, p.993-1009, June, 2009
Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello , Nino Vincenzo Verde, A formal framework to elicit roles with business meaning in RBAC systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Haibing Lu, Edge-RMP: Minimizing administrative assignments for role-based access control, Journal of Computer Security, v.17 n.2, p.211-235, April 2009
Radu Constantinescu , Andrei Toma , Iuliana Scorta , Floarea Nastase , Razvan Zota, V-model approach for role engineering, Proceedings of the WSEAES 13th international conference on Computers, p.148-152, July 23-25, 2009, Rodos, Greece
Michael Stieghahn , Thomas Engel, Law-aware access control for international financial environments, Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access, June 29-29, 2009, Providence, Rhode Island

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
          Subjects: Elicitation methods (e.g., rapid prototyping, interviews, JAD)

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
          Subjects: Methodologies (e.g., object-oriented, structured)
      D.2.9 Management
          Subjects: Life cycle; Software process models (e.g., CMM, ISO, PSP)
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Design, Human Factors, Management, Security


Keywords:
role engineering, role-based access control, scenarios

Collaborative Colleagues:
Gustaf Neumann: colleagues
Mark Strembeck: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player