
Authors: Seyed Hossein Ghotbi and Bernd Fischer

Affiliation: University of Southampton, United Kingdom

Keyword(s): Fine-grained Role-based Access Control, Testing Access Control Model and Mechanism, Web Applications, Domain-specific Language.

Related Ontology Subjects/Areas/Topics: Domain-Specific Languages ; MetaModeling ; Model Analysis and Checking ; Model Testing ; Model Transformation ; Modeling Languages ; Models ; Paradigm Trends ; Software Engineering

Abstract: Access control policies such as role-based access control (RBAC) enforce desirable security properties, in particular for Web-based applications with many different users. A fine-grained RBAC model gives the developers of such systems more customization and administrative power to control access to fine-granular elements such as individual cells of a table. However, the definition and deployment of such policies is not straightforward, and in many Web applications, they are hand-coded in the database or scattered throughout the application’s implementation, without taking advantage of underlying central elements, such as the data model or object types. This paper presents FRBAC, a fine-grained RBAC model for the Web application domain. FRBAC achieves separation of concerns for enforcing access to a range of objects with mixed-granularity levels. Moreover, it provides a unique testing mechanism that gives a guarantee to the developer about the correctness, completeness, and sufficiency of the defined FRBAC model, both internally and in the context of its target application. We use code generation techniques to compile the specification of a FRBAC model down to the existing tiers of an existing domain-specific Web programming language, WebDSL. We show the benefits of FRBAC on the development of a departmental Web site.

CC BY-NC-ND 4.0


Paper citation in several formats:
Hossein Ghotbi, S. and Fischer, B. (2012). A Declarative Fine-grained Role-based Access Control Model and Mechanism for the Web Application Domain. In Proceedings of the 7th International Conference on Software Paradigm Trends - ICSOFT; ISBN 978-989-8565-19-8; ISSN 2184-2833, SciTePress, pages 80-91. DOI: 10.5220/0004083400800091

@conference{icsoft12,
author={Seyed {Hossein Ghotbi} and Bernd Fischer},
title={A Declarative Fine-grained Role-based Access Control Model and Mechanism for the Web Application Domain},
booktitle={Proceedings of the 7th International Conference on Software Paradigm Trends - ICSOFT},
year={2012},
pages={80-91},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004083400800091},
isbn={978-989-8565-19-8},
issn={2184-2833},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Software Paradigm Trends - ICSOFT
TI - A Declarative Fine-grained Role-based Access Control Model and Mechanism for the Web Application Domain
SN - 978-989-8565-19-8
IS - 2184-2833
AU - Hossein Ghotbi, S.
AU - Fischer, B.
PY - 2012
SP - 80
EP - 91
DO - 10.5220/0004083400800091
PB - SciTePress