Abstract
Rapid development of new technologies brings with it a need for new security solutions. Identifying, defining and implementing security constraints is an important part of the process of modeling and developing application/information systems and of their administration.
The paper presents the issue of security constraints of information systems from the point of view of the Usage Role-based Access Control approach: it deals with the classification of constraints and their implementation in the process of modeling the access rules for dynamic information systems.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Poniszewska-Maranda, A. (2014). Security Constraints in Modeling of Access Control Rules for Dynamic Information Systems. In: Geffert, V., Preneel, B., Rovan, B., Štuller, J., Tjoa, A.M. (eds) SOFSEM 2014: Theory and Practice of Computer Science. SOFSEM 2014. Lecture Notes in Computer Science, vol 8327. Springer, Cham. https://doi.org/10.1007/978-3-319-04298-5_41
DOI: https://doi.org/10.1007/978-3-319-04298-5_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04297-8
Online ISBN: 978-3-319-04298-5
eBook Packages: Computer Science, Computer Science (R0)