ReMoLa: Responsibility Model Language to Align Access Rights with Business Process Requirements

Christophe Feltus, Michaël Petit, Eric Dubois

Research output: Contribution in Book/Catalog/Report/Conference proceeding › Conference contribution

Abstract

Access control is an important IT security issue and has accordingly been a huge research topic for the last decade. Many models and role engineering methods have been proposed since then, and RBAC has emerged as one of the most significant contributions. In parallel with those developments, new requirements have appeared in the field of IT governance, and they impose new constraints on the elicitation of access control policies. One of those requirements is to have access rights strictly aligned with the business process and to have the responsibilities of the employees involved in those processes strictly defined and suitably assigned to each employee. RBAC does not allow these new requirements to be integrated. In this paper we propose a responsibility modeling language to align access rights with business process requirements. To achieve that, our approach uses the concept of employees' responsibility as a means to bridge the gap from frameworks at the business layer down to frameworks at the technical layer.
Original language: English
Title of host publication: Proceeding of the Fifth IEEE International Conference on Research Challenges in Information Science (IEEE RCIS 2011), Gosier, Guadeloupe, French West Indies
Editors: Colette Roll, Martine Collard.
Publisher: IEEE
Pages: 107-112
Number of pages: 6
ISBN (Print): 978-1-4244-8670-0
Publication status: Published - 2011

Keywords

  • Alignment; COBIT; Responsibility; Traceability; RBAC; Access right; Requirements engineering; Business process.
