• citations in SCIndeks: 0
  • citations in CrossRef:0
  • citations in Google Scholar:[]
  • visits in previous 30 days:2
  • full-text downloads in 30 days:0


article: 1 from 2  
Back back to result list
2013, vol. 12, iss. 45, pp. 34-41
Access control modeling
University of Novi Sad, Faculty of Technical Science, Serbia,,
Keywords: access control; MDS; XML; UML; DSL
Access control is growing concern in software industry. With expansion of computer based business systems and widespread communication a software engineer is facing tremendous security requirements. Ever increasing complexity cannot be addressed using ad-hoc approaches. It is necessary to develop methodologies for modeling access control systems and defining access control policies. This paper presents different methodologies for access control modeling, grouped into four approaches: formal language based, XML based, UML based and DSL based.
Ahn, G.J., Sandhu, R. (1999) The RSL 99 language for role-based separation of duty constraints. ACM RBAC99
Ahn, G.J., Shin, M.E. (2001) Role-based authorization constraints specification using object constraint language. in: WETICE ‘01, 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Proceedings, 157-162
Ahn, G., Sandhu, R. (2000) Role-based authorization constraints specification. ACM Transactions on Information and System Security, 3(4): 207-226
Alam, M., Hafner, M., Memon, M., Hung, P. Modeling and enforcing advanced access control policies in healthcare systems with SECTET
Baird, R., Gamble, R. (2011) Developing a security meta-language framework. in: HICSS‘11 Proceedings of the 2011 Hawaii International Conference on System Sciences (XLIV), str. 1-10
Barker, S. (2009) The next 700 access control models or a unifying meta-model. in: SACMAT09, str. 187-196
Basin, D., Doser, J. (2005) Model Driven Security: from UML Models to Access Control Infrastructures. Information Security Group. ETH Zurich
Basin, D., Clavel, M., Doser, J., Egea, M. (2007) A Metamodel- Based Approach for Analyzing Security-Design Models. in: MoDELS, 420-435
Bézivin, J. (2005) Model driven engineering: An emerging technical space. in: Proceedings of the international conference on Generative and Transformational Techniques in Software Engineering, str. 36-64
Busch, M., Koch, N., Masi, M., Pugliese, R., Tiezzi, F. (2012) Towards model-driven development of access control policies for web applications. in: MDsec 2012, Innsbruck
Cirit, Ç., Buzluca, F. (2009) A UML Profi le for Role-Based Access Control. in: SIN ‘09 Proceedings of the 2nd international conference on Security of information and networks, 83-92
Crampton, J. XACML and role-based access control. in: DIMACS Workshop on Secure Web Services and e-Commerce
Dae-Kyoo, K., Indrakshi, R., France, R., Li, N. (2004) Modeling role-based access control using parameterized UML models. in: FASE, str. 80-193
Dejanović, I. (2008) Metamodel, editor modela i generator poslovnih aplikacija. Novi Sad: FTN, magistarska teza
Department of Defense National Computer Security Center (1985) Trusted computer system evaluation criteria. Orange book
Djuric, D., Gaševi, D., Devedžic, V. (2006) The Tao of Modeling Spaces. Journal of Object Technology, 5(8): 125
Essmayr, W., Probst, S., Weippl, E. (2004) Role-Based Access Controls: Status, Dissemination, and Prospects for Generic Security Mechanisms. Electronic Commerce Research, 4(1/2): 127-156
Ferraiolo, D.R., Kuhn, D.R., Chandramouli, R. (2003) Role-based access control. Artech House
France, R., Rumpe, B. (2007) Model-driven development of complex software: A research roadmap. in: Future of Software Engineering, 37-54
Hafner, M., Breu, R., Agreiter, B., Nowak, A. (2006) Sectet: an extensible framework for the realization of secure inter-organizational workflows. Internet Research, 16(5): 491-506
Hummer, W., Gaubatz, P., Strembeck, M., Zdun, U., Dustdar, S. (2011) An integrated approach for identity and access management in a SOA context. in: SACMAT11, Innsbruck, str. 21-30
Juerjens, J. (2005) Secure systems development with UML. Berlin, itd: Springer Verlag
Jürjens, J. (2002) UMLsec: Extending UML for secure systems development. in: UML02 Proceedings of the International Conference on The Unifi Modeling Language (V), str. 412-425
Kent, S. (2002) Model driven engineering. in: Proceedings of the International Conference on Integrated Formal Methods (III), str. 286-298
Lampson, B.W. (1971) Protection. in: Information Sciences and Systems, 5th Princeton Conference, Proceedings
Lang, U., Schreiner, R. (2008) Model driven security management: Making security management manageable in complex distributed systems. in: MODELS ć08
Lodderstedt, T., Basin, D., Doser, J. (2002) Secure UML: A UML based modeling language for model-driven security. in: Proceedings of the International Conference on The Unifi Modeling Language (V)
Mankai, M., Logrippo, L. (2005) Access control policies: Modeling and validation. in: Logrippo-Proceedings of the 5th NOTERE Conference, Gatineau, Canada, 85-91
Martínez, S., Cabot, J., Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N. (2012) A model-driven approach for the extraction of network access-control policies. in: MDsec 2012, Innsbruck
Massacci, F., Zannone, N. (2008) A model-driven approach for the specification and analysis of access control policies. in: OTM‘08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008, str. 1087-1103
Mellor, S.J., Clark, A.N., Futagami, T. (2003) Model-driven development - Guest editor's introduction. IEEE Software, 20(5): 14-18
Mouelhi, T., Fleurey, F., Baudry, B., Traon, Y.L. (2008) A model-based framework for security policy specification, deployment and testing. in: MoDELS‘08: Proceedings of the international conference on Model Driven Engineering Languages and Systems (XI), str. 537-552
O.M.G. Unified modeling language: Infrastructure, version 2.O. formal/05-07-05
OASIS (2010) eXtensible Access Control Markup Language (XACML) Version 3. O.
OASIS (2007) Web services business process execution language version 2. O. OASIS Standard,, April
Olivier-Nathanaël, B.D., Benoit, B. (2012) Toward a Modeldriven Access-control Enforcement Mechanism for Pervasive Systems. in: MDsec 2012, Innsbruck, Austria
Pierangela, S., de Capitani, V.S. (2001) Access control: Policies, models, and mechanisms
Ray, I., Li, N., Kim, D.K., France, R. (2003) Using parameterized UML to specify and compose access control models. in: Proceedings of the IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (VI), Lausanne, str. 49-65
Reznik, J., Ritter, T., Schreiner, R., Lang, U. (2007) Model Driven Development of Security Aspects. Electronic Notes in Theoretical Computer Science, 163(2): 65-79
Sanchez, O., Molina, F., Garcıa-Molina, J., Toval, A. (2009) ModelSec: A Generative Architecture for Model-Driven Security. Journal of Universal Computer Science, vol. 15, no. 15, pp. 2957-2980
Sandhu, R., Samarati, P. (1996) Authentication, access control, and audit. ACM Computing Surveys, 28(1): 241-243
Schaad, A., Moffett, J., Jacob, J. (2001) The role-based access control system of a European bank: A case study and discussion. in: SACMAT 01
Schmidt, D.C. (2006) Model-driven engineering. IEEE Computer, Vol.39, No.2, 25-31
Sladic, G., Milosavljevic, B., Surla, D., Konjovic, Z. (2012) Flexible access control framework for MARC records. Electronic Library, 30(5): 623-652
Sladić, G., Milosavljević, B., Konjović, Z., Vidaković, M. (2011) Access control framework for XML document collections. Computer Science and Information Systems / ComSIS, vol. 8, br. 3, str. 591-609
Sladić, G. (2006) Proširivi sistem za kontrolu pristupa XML dokumentima zasnovanu na korisničkim ulogama. Novi Sad, magistarska teza
Slimani, N., Khambhammettu, H., Adi, K., Logrippo, L. (2011) UACML: Unifi ed access control modeling language. in: IFIP International Conference on New Technologies, Mobility and Security (NTMS) (IV), str. 1-8
Strembeck, M., Mendling, J. (2011) Modeling process-related RBAC models with extended UML activity models. Information and Software Technology, 53(5): 456-483
Sun, W., France, R., Ray, I. (2011) Rigorous analysis of UML access control policy models. in: POLICY‘11 Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, str. 9-16
Zarnett, J., Tripunitara, M., Lam, P. Role-Based Access Control (RBAC) in Java via Proxy objects using annotations. in: Proceedings of the ACM symposium on Access control models and technologies (XV), str. 79-88


article language: Serbian
document type: Paper
published in SCIndeks: 02/09/2013

Related records

No related records