A uniform approach for access control and business models with explicit rule realization

Bibliographic Details
Published in: International Journal of Information Security, Vol. 15, No. 2, pp. 145–171
Main Authors: Karimi, Vahid R.; Alencar, Paulo S. C.; Cowan, Donald D.
Format: Journal Article
Language: English
Published: Berlin/Heidelberg: Springer Berlin Heidelberg (Springer Nature B.V.), 01.04.2016

Summary: Access control is an important part of security in software, such as business applications, since it determines the access of users to objects and operations and the constraints on that access. Business models and access control models are expressed using different representations. In addition, access control rules are not generally defined explicitly from access control models. Even though the business model and the access control model are two separate modeling abstractions, they are interconnected, as access control is part of any business model. Therefore, the first goal is to add access control models to business models using the same fundamental building blocks. The second goal is to use these models to define general access control rules explicitly, so that the connection between the models and their realizations is also present. This paper describes a new common representation for business models and classes of access control models based on the Resource–Event–Agent (REA) modeling approach to business models. In addition, the connection between the models and the rules they represent is clearly defined. We present a uniform approach to business and access control models. First, access control primitives are mapped onto REA-based access control patterns. Then, REA-based access control patterns are combined to define access control models. Based on these models, general access control rules are expressed in Extended Backus–Naur Form.
ISSN: 1615-5262 (print), 1615-5270
DOI: 10.1007/s10207-015-0275-z