Security Description Summary

Describes the assignment of Users to roles in sesstions and permissions of roles to access objects and operations.

Specurity Aspects

Name

Description

RBAC Correctness

Enables the modeling of secure RBAC policies

Specification Elements

Name

Description

Assigns users to permissions

Person interacting with the user

Assigns whether a role may access an object or activity

Security Aspects
- RBAC Correctness
  Enables the modeling of secure RBAC policies
  Specification Elements:
  Permission
  Role
  User
  Threats:
  Elevation of Privileges
  Information Disclosure
  Tampering with Data
  Spoofing
Specification Elements
- Role
  Assigns users to permissions
  Applies to:
  Entity
- User
  Person interacting with the user
  Applies to:
  Entity
- Permission
  Assigns whether a role may access an object or activity
  Applies to:
  Data
  Activity