Secure System Integration and Reliability Improvement (2011)
Jeju Island, Korea
June 27, 2011 to June 29, 2011
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SSIRI.2011.16
Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for developing hybrid systems of RBAC and MAC from a development perspective. In this work, we present a feature-based modeling approach for developing hybrid access control systems. In the approach, RBAC and MAC are designed in terms of features and features are configured based on requirements. Configured features are then composed to produce a design model that supports hybrid access control. The approach enables systematic development of hybrid systems of RBAC and MAC and reduces development complexity and errors through need-based configuration of features in early development phases. We use a hospital system to demonstrate the approach. Tool support for the approach is also discussed.
feature modeling, hybrid access control, MAC, RBAC, UML
S. Kim, S. Kim, L. Lu, D. Kim and S. Park, "A Feature-Based Modeling Approach for Building Hybrid Access Control Systems," Secure System Integration and Reliability Improvement(SSIRI), Jeju Island, Korea, 2011, pp. 88-97.