Visual RBAC


A visual language with aspect-specific diagrams for specifying access and security policies according to role-based access control (RBAC).
  • Security Aspects

    • Role Diagram

      The Role Diagram (RD) defines the roles and their hierarchical relations.
      Specification Elements:
      Role
      Generalization
      Threats:
      Elevation of Privileges
    • Permission Diagram

      The Permission Diagram (PD) defines access permissions for a resource and associates permissions with a role.
      Specification Elements:
      Action
      Resource
      Restriction
      Role
      Threats:
      Information Disclosure
      Tampering with Data
    • Separation of Duties Diagram

      The Separation of Duties Diagram (SDD) defines the mutually exclusive relations between users or subjects and a set of roles.
      Specification Elements:
      Subject
      Exclusion
      Role
      Threats:
      Elevation of Privileges
    • Role Assignment Diagram

      The Role Assignment Diagram (RAD) defines the association between a user or subject and roles.
      Specification Elements:
      Subject
      Resource
      Condition
      Threats:
      Information Disclosure
      Tampering with Data

  • Specification Elements

    • Role

      A role that a user can have in the system.
      Applies to:
      State
    • Generalization

      A generalization relationship between two roles.
      Applies to:
    • Resource

      A resource by a role. The concrete resources depend on the application domain and can comprise hardware, services, data, etc.
      Applies to:
      Activity
      Data
      Entity
      Node
    • Action

      The type of action a subject can perform on a resource in relation to its role.
      Applies to:
      State
    • Restriction

      Forbids the use of a resource by a subject based on its role.
      Applies to:
      State
    • Subject

      An entity in the system such as a user.
      Applies to:
      Entity
    • Exclusion

      Used to define static restrictions of a subject to a role.
      Applies to:
      State
    • Condition

      Expresses conditions for each subject on the use of a resource.
      Applies to:
      State
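
How the Role, Permission, Separation of Duties and Role Assignment aspects interact when a policy is evaluated, as an added example that is not part of the Visual RBAC language or its tooling. Assumptions: a role inherits the permissions of the roles it generalizes to, a Restriction overrides any permission, the Condition element is not modelled, and all class, role, subject and resource names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    parents: dict = field(default_factory=dict)     # Role Diagram: role -> more general roles
    permits: set = field(default_factory=set)       # Permission Diagram: (role, action, resource)
    restricts: set = field(default_factory=set)     # Restriction: (role, resource)
    exclusions: list = field(default_factory=list)  # SDD: sets of mutually exclusive roles
    assigned: dict = field(default_factory=dict)    # RAD: subject -> directly assigned roles

    def effective_roles(self, subject):
        """Assigned roles plus every role reachable through Generalization."""
        seen, stack = set(), list(self.assigned.get(subject, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.parents.get(role, ()))
        return seen

    def sod_violations(self):
        """(subject, conflicting roles) wherever an Exclusion is hit twice or more."""
        found = []
        for subject in sorted(self.assigned):
            roles = self.effective_roles(subject)
            for excl in self.exclusions:
                if len(roles & excl) > 1:
                    found.append((subject, sorted(roles & excl)))
        return found

    def allowed(self, subject, action, resource):
        roles = self.effective_roles(subject)
        if any((r, resource) in self.restricts for r in roles):
            return False  # assumption: a Restriction overrides any permission
        return any((r, action, resource) in self.permits for r in roles)

# Constructed sample policy, not taken from the page.
POLICY = Policy(
    parents={"manager": {"approver"}},  # manager specializes approver
    permits={("clerk", "create", "invoice"), ("approver", "approve", "invoice")},
    restricts={("contractor", "invoice")},
    exclusions=[frozenset({"clerk", "approver"})],
    assigned={"alice": {"clerk", "manager"}, "bob": {"clerk"},
              "carol": {"approver", "contractor"}},
)

if __name__ == "__main__":
    print(POLICY.sod_violations())
    print(POLICY.allowed("carol", "approve", "invoice"))
```

In the sample, alice's direct assignments (clerk, manager) do not conflict on their own; the exclusion is only hit once the role hierarchy is expanded, which is the Elevation of Privileges case the Role and Separation of Duties diagrams list as a threat.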