Enforcing role-based access control policies in Web Services with UML and OCL

Karsten Sohr, Tanveer Mustafa, Xinyu Bao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Citations (Scopus)

Abstract

Role-based access control (RBAC) is a powerful means for laying out higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In this paper, we present a Web Services-based authorization framework that can be employed to enforce organization-wide authorization constraints. We describe a generic authorization engine, which supports organization-wide authorization constraints and acts as a central policy decision point within the authorization framework. This authorization engine is implemented by means of the USE system, a validation tool for UML models and OCL constraints.

Original language: English (US)
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 257-266
Number of pages: 10
DOIs: https://doi.org/10.1109/ACSAC.2008.35
State: Published - 2008
Event: 24th Annual Computer Security Applications Conference, ACSAC 2008 - Anaheim, CA, United States
Duration: Dec 8 2008 - Dec 12 2008

Other

Other: 24th Annual Computer Security Applications Conference, ACSAC 2008
Country: United States
City: Anaheim, CA
Period: 12/8/08 - 12/12/08

Fingerprint

Access control
Web services
Engines

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Sohr, K., Mustafa, T., Bao, X., & Ahn, G-J. (2008). Enforcing role-based access control policies in Web Services with UML and OCL. In Proceedings - Annual Computer Security Applications Conference, ACSAC (pp. 257-266). [4721563] https://doi.org/10.1109/ACSAC.2008.35
