SSD RBAC

A metamodel for for hierarchical Static Separation of Duty (SSD) and Role-Based Access Control (RBAC), which consists of the Core RBAC, hierarchical RBAC, and SSD relations.
Specurity Aspects
Name
Description
Given a primary model, an SST can be instantiated to produce a context-specific class diagram that describes the design structure used to address the access control concern.
Specification Elements
Name
Description
A user is an intelligent autonomous agent.
An object is an entity that contains or receives information.
An operation performs tasks
A role is a job function.
A permission is an approval to perform operations on objects.
A user establishes a session during which he activates a subset of the roles assigned to him.

  • Security Aspects

    • Access-Control Concerns

      Given a primary model, an SST can be instantiated to produce a context-specific class diagram that describes the design structure used to address the access control concern.
      Specification Elements:
      Object
      Operation
      Permission
      Role
      Session
      User
      Threats:
      Tampering with Data
      Information Disclosure

    Specification Elements

    • User

      A user is an intelligent autonomous agent.
      Applies to:
      Entity

    • Object

      An object is an entity that contains or receives information.
      Applies to:
      Data

    • Operation

      An operation performs tasks
      Applies to:
      Activity

    • Role

      A role is a job function.
      Applies to:
      State

    • Permission

      A permission is an approval to perform operations on objects.
      Applies to:
      State

    • Session

      A user establishes a session during which he activates a subset of the roles assigned to him.
      Applies to:
      State