文章基本信息

标题：Implementing Advanced RBAC Administration Functionality with USE
本地全文：下载
作者：Tanveer Mustafa ; Karsten Sohr ; Duc-Hanh Dang 等
期刊名称：Electronic Communications of the EASST
电子版ISSN：1863-2122
出版年度：2008
卷号：15
语种：English
出版社：European Association of Software Science and Technology (EASST)
摘要：Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future.