Use Case-Driven Role Based Access Control Security Authorization

Role based access control is the most popular access control model recently. In tradition there exists a problem that the role based access control model is not accord well with the system demanding analyse. And it can not guarantee that the security model could meet the users´ demands. This paper introduces a method which describes the design and definition of the role´s rights in system modeling based on use-case driven RBAC. It considers the concept of use case based on RBAC characteristics which combines the use-case model with RBAC model by extending the use case and formalizing the scenario map. Comparing with traditional systems that incorporate use case design model at the end of system design, this method is designed from the beginning of the security design process, so it could identify security problems earlier in the system design to prevent gaps in the security system and meet the least privilege rule.