TY - GEN
T1 - A Formal Framework for Adaptive Access Control Models
AU - Rinderle, Stefanie B.
AU - Reichert, Manfred
N1 - Conference code: 13
PY - 2007/6
Y1 - 2007/6
N2 - For several reasons enterprises are frequently subject to organizational change. Respective adaptations may concern business processes, but also other components of an enterprise architecture. In particular, changes of organizational structures often become necessary. The information about organizational entities and their relationships is maintained in organizational models. Therefore the quick and correct adaptation of these models is fundamental to adequately cope with organizational changes. However, model changes alone are not sufficient to guarantee consistency. Since organizational models also provide the basis for defining access rules (e.g., actor assignments in workflow management systems or access rules in document-centered applications) this information has to be adapted accordingly (e.g., to avoid dangling references or non-resolvable actor assignments). Current approaches do not adequately address this problem, which often leads to security gaps and delayed change implementation. In this paper we introduce a formal framework for the controlled evolution of organizational models and related access rules. Firstly, we introduce a set of operators with well-defined semantics for defining and changing organizational models. Secondly, we show how to define access rules based on such models. In this context we also define a notion of correctness for access rules. Thirdly, we present a formal framework for the (semi-automated) adaptation of access rules when the underlying organizational model is changed by exploiting the semantics of the applied changes. Altogether the presented approach provides an important contribution for realizing adaptive access control frameworks.
AB - For several reasons enterprises are frequently subject to organizational change. Respective adaptations may concern business processes, but also other components of an enterprise architecture. In particular, changes of organizational structures often become necessary. The information about organizational entities and their relationships is maintained in organizational models. Therefore the quick and correct adaptation of these models is fundamental to adequately cope with organizational changes. However, model changes alone are not sufficient to guarantee consistency. Since organizational models also provide the basis for defining access rules (e.g., actor assignments in workflow management systems or access rules in document-centered applications) this information has to be adapted accordingly (e.g., to avoid dangling references or non-resolvable actor assignments). Current approaches do not adequately address this problem, which often leads to security gaps and delayed change implementation. In this paper we introduce a formal framework for the controlled evolution of organizational models and related access rules. Firstly, we introduce a set of operators with well-defined semantics for defining and changing organizational models. Secondly, we show how to define access rules based on such models. In this context we also define a notion of correctness for access rules. Thirdly, we present a formal framework for the (semi-automated) adaptation of access rules when the underlying organizational model is changed by exploiting the semantics of the applied changes. Altogether the presented approach provides an important contribution for realizing adaptive access control frameworks.
KW - Role-based access control
KW - Organizational change
KW - Adaptive information systems
KW - Evolution of access rules
KW - SCS-Services
KW - n/a OA procedure
U2 - 10.1007/978-3-540-74987-5_3
DO - 10.1007/978-3-540-74987-5_3
M3 - Conference contribution
SN - 978-3-540-74982-0
T3 - Lecture Notes in Computer Science
SP - 82
EP - 112
BT - Journal on Data Semantics IX
A2 - Spaccapietra, Stefano
A2 - Atzeni, Paolo
A2 - Fages, François
A2 - Hacid, Mohand-Saïd
PB - Springer
CY - Berlin, Heidelberg
T2 - 13th International Conference Cooperative Information Systems, CoopIS 2005
Y2 - 2 November 2005 through 4 November 2005
ER -