Abstract
Granting the correct access between agents and artifacts is now on organizations' agendas. The risk of allowing unauthorized access to critical information requires new solutions that are capable of dealing with a holistic perspective. Adaptive OACM refers to the capability of enforcing fine-grained access policies on business processes, services and information systems when facing changes, for instance in governance policies. This paper proposes an OACM ontology based on the RBAC, UUID, Rules and architectural model concepts. As an example, we instantiate the concepts of the ontology for an expense approval problem.
This work was partially supported by the Fundação para a Ciência e a Tecnologia (SFRH/BD/43252/2008).
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Guerreiro, S., Vasconcelos, A., Tribolet, J. (2010). Adaptive Access Control Modes Enforcement in Organizations. In: Quintela Varajão, J.E., Cruz-Cunha, M.M., Putnik, G.D., Trigo, A. (eds) ENTERprise Information Systems. CENTERIS 2010. Communications in Computer and Information Science, vol 110. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16419-4_29
DOI: https://doi.org/10.1007/978-3-642-16419-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16418-7
Online ISBN: 978-3-642-16419-4
eBook Packages: Computer Science, Computer Science (R0)