Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

Christophe Feltus; Eric Dubois; Michaël Petit

doi:10.1109/RELAW.2010.5625355

Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

Christophe Feltus, Eric Dubois, Michaël Petit

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

169 Téléchargements (Pure)

Résumé

The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.

langue originale	Anglais
titre	Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia
Editeur	IEEE
Pages	34-43
Nombre de pages	10
ISBN (imprimé)	978-1-4244-8761-5
Les DOIs	https://doi.org/10.1109/RELAW.2010.5625355
Etat de la publication	Publié - 2010

Accès au document

10.1109/RELAW.2010.5625355

70559manuscrit soumis, 538 KB

http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5625355

Contient cette citation

Feltus, C., Dubois, E., & Petit, M. (2010). Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements. Dans Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia (p. 34-43). IEEE. https://doi.org/10.1109/RELAW.2010.5625355

@inproceedings{354c5660cde24992a176a2da5e33298a,

title = "Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements",

abstract = "The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.",

keywords = "Alignment; CobiT; Responsibility; Traceability; Access right; RBAC; Requirement engineering.",

author = "Christophe Feltus and Eric Dubois and Micha{\"e}l Petit",

year = "2010",

doi = "10.1109/RELAW.2010.5625355",

language = "English",

isbn = "978-1-4244-8761-5 ",

pages = "34--43",

booktitle = "Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia",

publisher = "IEEE",

}

Feltus, C, Dubois, E & Petit, M 2010, Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements. Dans Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia. IEEE, p. 34-43. https://doi.org/10.1109/RELAW.2010.5625355

Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements. / Feltus, Christophe; Dubois, Eric; Petit, Michaël.
Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia. IEEE, 2010. p. 34-43.

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Article dans les actes d'une conférence/un colloque

TY - GEN

T1 - Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

AU - Feltus, Christophe

AU - Dubois, Eric

AU - Petit, Michaël

PY - 2010

Y1 - 2010

N2 - The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.

AB - The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.

KW - Alignment; CobiT; Responsibility; Traceability; Access right; RBAC; Requirement engineering.

U2 - 10.1109/RELAW.2010.5625355

DO - 10.1109/RELAW.2010.5625355

M3 - Conference contribution

SN - 978-1-4244-8761-5

SP - 34

EP - 43

BT - Proceedings of the Third International Workshop on Requirements Engineering and Law (RELAW10), in conjunction with RE 2010, Sydney, Australia

PB - IEEE

ER -

Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

Résumé

Accès au document

Empreinte digitale

Contient cette citation