Enforcing role-based access control policies in Web Services with UML and OCL

Karsten Sohr, Tanveer Mustafa, Xinyu Bao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Scopus citations

Abstract

Role-based access control (RBAC) is a powerful means for laying out higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints.

Original language: English (US)
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 257-266
Number of pages: 10
State: Published - 2008
Event: 24th Annual Computer Security Applications Conference, ACSAC 2008 - Anaheim, CA, United States
Duration: Dec 8 2008 → Dec 12 2008

Other

Other: 24th Annual Computer Security Applications Conference, ACSAC 2008
Country/Territory: United States
City: Anaheim, CA
Period: 12/8/08 → 12/12/08

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality
