Author
|
Conference
|
Journal
|
Organization
|
Year
|
DOI
Look for results that meet for the following criteria:
since
equal to
before
between
and
Search in all domains
Limit my searches in the following domains
Agriculture Science
Arts & Humanities
Biology
Chemistry
Computer Science
Economics & Business
Engineering
Environmental Sciences
Geosciences
Material Science
Mathematics
Medicine
Physics
Social Science
Multidisciplinary
Keywords
(7)
Process Model
Role Based Access Control
Role Engineering
Software Engineering
Software Systems
System Modeling
System Security
Subscribe
Academic
Publications
Modeling process-related RBAC models with extended UML activity models
Edit
Modeling process-related RBAC models with extended UML activity models
(
Citations: 3
)
BibTex
|
RIS
|
RefWorks
Download
Mark Strembeck
,
Jan Mendling
ContextBusiness processes are an important source for the engineering of customized
software systems
and are constantly gaining attention in the area of
software engineering
as well as in the area of information and system security. While the need to integrate processes and role-based
access control
(RBAC) models has been repeatedly identified in research and practice, standard process modeling languages do not provide corresponding language elements.
Journal:
Information & Software Technology - INFSOF
, vol. 53, no. 5, pp. 456-483, 2011
DOI:
10.1016/j.infsof.2010.11.015
Cumulative
Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
(
www.sciencedirect.com
)
(
www.informatik.uni-trier.de
)
(
dx.doi.org
)
Citation Context
(3)
...Further, [
91
] extends UML ADs with concepts to define role-based access control aspects...
Marcello La Rosa
,
et al.
Managing Process Model Complexity via Abstract Syntax Modifications
...ME and binding constraints are usually specied on role- or task-level (see, e.g., [1], [11], [
12
], [14])...
...In [
12
], the UML2 metamodel extension BusinessActivities was presented which allows for modeling process-related RBAC models...
...In [9], [
12
], modeling support for roles, tasks, and duties in business processes is provided via extended UML2 Activity diagrams...
...In addition, the Object Constraint Language (OCL) [7] is applied in [9], [
12
] to formally dene the semantics of the newly introduced UML elements and to ensure the consistency of the extended UML models...
...For a complete denition of the semantics of all new modeling elements, please refer to the denition of the metamodel extensions in [9], [
12
]...
...A BusinessActivity is a special UML Activity (see Figure 1). It can include all elements available for ordinary UML Activities in addition to the newly introduced elements presented in [
12
]...
...ME and binding constraints can be dened on Business Actions (see [
12
] for further details)...
...Duties can be dened as statically mutual exclusive (SME) (see, e.g., [3], [11], [
12
], [14])...
...subject binding (SB) or role binding (RB) of duties (see, e.g., [11], [
12
], [13])...
...RB, and SB constraints for Duties in Business Activities (see Figure 1). In [
12
], the denition of ME and binding constraints on Business Actions is motivated...
...Moreover, it is not possible to dene a DME constraint on D2 and D4. DME Duties are executed by two dierent subjects during one process instance, while SME Business Actions need to be executed by two dierent subjects in all process instances (see also [
12
])...
...In contrast, a DME constraint denes that during one process instance the instances of two Business Actions must not be performed by the same subject [
12
]...
...The attributes executingSubject and responsibleSubject determine the Subjects that execute a particular Business Action or Duty instance, respectively (see [9], [
12
])...
Sigrid Schefer
.
Consistency Checks for Duties in Extended UML2 Activity Models
...However, when the existing RBAC model is applied to organizational structures, it can have the ambiguity problem [4][
5
] in the view of its presentation, especially a role hierarchy...
...In addition, it simplifies the specification of security policy [4][
5
]...
Jihyun Lee
,
et al.
Access Control Using Extended Role Graph Corresponding to Organization...
References
(45)
Formalization and Verification of Event-driven Process Chains
(
Citations: 127
)
Wil M. P. Van Der Aalst
Journal:
Information & Software Technology - INFSOF
, vol. 41, no. 10, pp. 639-650, 1999
YAWL: Yet Another Workflow Language
(
Citations: 222
)
Wil M. P. Van Der Aalst
,
Arthur H. M. Ter Hofstede
Journal:
Information Systems - IS
, vol. 30, no. 4, pp. 245-275, 2005
Role-based authorization constraints specification
(
Citations: 217
)
Gail-Joon Ahn
,
Ravi S. Sandhu
Journal:
ACM Transactions on Information and System Security - TISSEC
, vol. 3, no. 4, pp. 207-226, 2000
Constraint based role based access control in the SECTET-frameworkA model-driven approach
(
Citations: 4
)
Muhammad Alam
,
Michael Hafner
,
Ruth Breu
Journal:
Journal of Computer Security - JCS
, vol. 16, no. 2, pp. 223-260, 2008
Model driven security: From UML models to access control infrastructures
(
Citations: 134
)
David A. Basin
,
Jürgen Doser
,
Torsten Lodderstedt
Journal:
ACM Transactions on Software Engineering and Methodology - TOSEM
, vol. 15, no. 1, pp. 39-91, 2006
Order by:
Citations
(3)
Managing Process Model Complexity via Abstract Syntax Modifications
Marcello La Rosa
,
Petia Wohed
,
Jan Mendling
,
Arthur H. M. ter Hofstede
,
Hajo A. Reijers
,
Wil M. P. van der Aalst
Journal:
IEEE Transactions on Industrial Informatics
, vol. 7, no. 4, pp. 614-629, 2011
Consistency Checks for Duties in Extended UML2 Activity Models
Sigrid Schefer
Conference:
Availability, Reliability and Security - IEEEARES
, 2011
Access Control Using Extended Role Graph Corresponding to Organizational Hierarchy
Jihyun Lee
,
Sungwon Kang
,
Sunjin Hur
Conference:
ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering - CNSI
, 2011