Title :
ReMoLa: Responsibility model language to align access rights with business process requirements
Author :
Feltus, Christophe ; Petit, Michaël ; Dubois, Eric
Author_Institution :
PReCISE Res. Centre, Univ. of Namur, Namur, Belgium
Abstract :
Access controls is an important IT security issue and has accordingly been a huge research topic for the last decade. Many models and role engineering methods have been provided since then, and RBAC has appeared to be one of the most significant contributions. In parallel to those developments, new requirements have appeared in the field of IT governance and they provide new constraints for the elicitation of access control policies. One of those requirements is to have access rights strictly aligned with the business process and to have the responsibility of the employees involved in those processes strictly defined and suitably assigned to the employee. RBAC doesn´t permit to integrate these new requirements. In this paper we propose a responsibility modeling language to align access rights with business processes requirements. To achieve that, our approach uses the concept of employees´ responsibility as a means to bridge the gap through frameworks from the business layer down to frameworks from the technical layer.
Keywords :
authorisation; business process re-engineering; formal verification; simulation languages; IT security; RBAC; ReMoLa; access control policies; access rights; business process requirements; responsibility model language; role engineering methods; Companies; Permission; Semantics; Standards; Training; Unified modeling language; Access right; Alignment; Business process; COBIT; RBAC; Requirements engineering; Responsibility; Traceability;
Conference_Titel :
Research Challenges in Information Science (RCIS), 2011 Fifth International Conference on
Conference_Location :
Gosier
Print_ISBN :
978-1-4244-8670-0
Electronic_ISBN :
2151-1349
DOI :
10.1109/RCIS.2011.6006828
