An integrated approach to engineer and enforce context constraints in RBAC environments

Strembeck, Mark; Neumann, Gustaf

doi:10.1145/1015040.1015043

Cited by 93 publications

(63 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The RBAC model may activate a role or grant permissions while taking into account the context under which the user makes the access request or the role activation request [21,19,34,24,22]. The RBAC model captures this context by defining contextual conditions.…”

Section: Overview Of Rbac Modelsmentioning

confidence: 99%

ESPOONERBAC: Enforcing security policies in outsourced environments

Asghar¹,

Ion²,

Russello³

et al. 2013

Computers & Security

View full text Add to dashboard Cite

Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data.For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active in. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing ESPOON ERBAC for enforcing RBAC policies in outsourced environments. ESPOON ERBAC enforces RBAC policies in an encrypted manner where a curious service provider may learn a very limited information about RBAC policies. We have implemented ESPOON ERBAC and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach.

show abstract

Section: Overview Of Rbac Modelsmentioning

confidence: 99%

ESPOONERBAC: Enforcing security policies in outsourced environments

Asghar¹,

Ion²,

Russello³

et al. 2013

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Context constraints define predicates that must evaluate to "true" in order to grant a certain access request. They allow for the consideration of context information in access decisions and enable the definition of additional conditions on permissions, like time constraints for example (for details see [19]). Our RBAC DSL provides the functionality of the xoRBAC component (see [13,19]) as an expressive language that separates the different concerns in this component.…”

Section: Case Study: Modeling Interdependent Concerns In An Rbac Dslmentioning

confidence: 99%

“…They allow for the consideration of context information in access decisions and enable the definition of additional conditions on permissions, like time constraints for example (for details see [19]). Our RBAC DSL provides the functionality of the xoRBAC component (see [13,19]) as an expressive language that separates the different concerns in this component. To implement the RBAC DSL, we defined a domain-specific weaver component that is capable to weave the different concerns according to domain-specific restrictions.…”

Section: Case Study: Modeling Interdependent Concerns In An Rbac Dslmentioning

confidence: 99%

Modeling Interdependent Concern Behavior Using Extended Activity Models.

Strembeck¹,

Zdun²

2008

JOT

Self Cite

View full text Add to dashboard Cite

Software engineering considers many assets relevant for developing a software system, ranging from requirements to source code. In this context, a concern is a particular goal, concept, or area of interest that needs to be considered throughout a number of these assets. Even though the concerns in a software system usually have many interdependencies among each other, specifying the interdependent behavior of concerns is not a focus of today's (concern) modeling approaches. In this paper, we present an approach to model interdependent concern behavior using extended UML2 activity models. Within these concern activity models, we directly support the separation of interdependent concerns. In addition, we provide bindings of the concern activity models to UML class and interaction models to enable a detailed specification of concern behavior.

show abstract

“…programming language independent) consistency checks. In particular, the algorithms result from the experiences we gained in the analysis, design, and implementation of corresponding software systems and tools (see, e.g., [6,9,10,13,14,15,16]). …”

Section: Introductionmentioning

confidence: 99%

“…Our work complements previous contributions by providing generic algorithms and procedures to ensure the design-time and runtime consistency of process-related RBAC models. The algorithms result from our experiences in analyzing, designing, and implementing corresponding software systems (see, e.g., [9,10,13,14,15,16]). …”

mentioning

confidence: 99%

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

Strembeck

Mendling

2010

On the Move to Meaningful Internet Systems: OTM 2010

Self Cite

View full text Add to dashboard Cite

In this paper, we present generic algorithms to ensure the consistency of mutual-exclusion and binding constraints in a business process context. We repeatedly identified the need for such generic algorithms in our real-world projects. Thus, the algorithms are a result of the experiences we gained in analyzing, designing, and implementing a number of corresponding software systems and tools. In particular, these algorithms check corresponding consistency requirements to prevent constraint conflicts and to ensure the design-time and runtime compliance of a process-related role-based access control (RBAC) model.

show abstract

An integrated approach to engineer and enforce context constraints in RBAC environments

Cited by 93 publications

References 47 publications

ESPOONERBAC: Enforcing security policies in outsourced environments

ESPOONERBAC: Enforcing security policies in outsourced environments

Modeling Interdependent Concern Behavior Using Extended Activity Models.

Generic Algorithms for Consistency Checking of Mutual-Exclusion and Binding Constraints in a Business Process Context

Contact Info

Product

Resources

About