Title: Extending RBAC model to control sequences of CRUD expressions
Author: Pereira, Óscar Mortágua
Regateiro, Diogo Domingues
Aguiar, Rui L.
Keywords: Information security
Access control
Software architecture
Software engineering
Issue Date: 1-Jul-2014
Publisher: Knowledge Systems Institute Graduate School (KSI)
Abstract: In database applications, access control is aimed at requests are mainly formalized by Create, Read, Update and Delete (CRUD) expressions. The supervision process can be formalized at a high level, such as based on the RBAC model, but in the end the relevant aspect is the data being accessed through each CRUD expression. In critical database applications access control can be enforced not on a CRUD by CRUD basis but enforced at the level of sequences of CRUD expressions (workflow). This situation can occur whenever established security policies are based on strict procedures that define step by step the actions (sequences of CRUD expressions) to be followed. Current RBAC models do not support this type of security policy. To overcome this security gap, we leverage previous research to propose an extension to the RBAC model to control for each role which sequences of CRUD expressions are authorized. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC. Our use case is based on typed security layers built from a software architectural model and also from metadata based on the proposed RBAC model extension.
Peer review: yes
ISBN: 1-891706-35-7
ISSN: 2325-9000
Appears in Collections: DETI - Comunicações

Files in This Item:
File: 2014-07-01 (SEKE - Vancouver - Canada) Extending RBAC Model to Control Sequences of CRUD Expressions.pdf
Description: Main document
Size: 1.2 MB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.