{"title":"ABAC Requirements Engineering for Database Applications","authors":"J. Longstaff, Mengda He","doi":"10.1109/TASE.2019.00-22","DOIUrl":null,"url":null,"abstract":"We show how complex privacy requirements can be represented and processed by an extended model of Attribute Based Access Control (ABAC), working with a simple database applications pattern. During application model development, most likely based on UML (e.g. Use Case, Class Diagrams), the analyst and possibly the end user specifies ABAC permissions, and then verifies their effect by running queries on the target data. The ABAC model supports positive and negative permissions, \"break glass\" overrides of negative permissions, and message/alert generation. The permissions combining algorithms are based on relational database optimisation, and permissions processing is implemented by query modification, producing structurally-optimised queries in an SQL-like language; the queries can then be processed by many database and big data systems. The method and models have been implemented in a prototype Privacy Preferences Tool in collaboration with a large medical records development, and we discuss experiences with focus group evaluations of this tool.","PeriodicalId":183749,"journal":{"name":"2019 International Symposium on Theoretical Aspects of Software Engineering (TASE)","volume":"110 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Symposium on Theoretical Aspects of Software Engineering (TASE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TASE.2019.00-22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
We show how complex privacy requirements can be represented and processed by an extended model of Attribute Based Access Control (ABAC), working with a simple database applications pattern. During application model development, most likely based on UML (e.g. Use Case, Class Diagrams), the analyst and possibly the end user specifies ABAC permissions, and then verifies their effect by running queries on the target data. The ABAC model supports positive and negative permissions, "break glass" overrides of negative permissions, and message/alert generation. The permissions combining algorithms are based on relational database optimisation, and permissions processing is implemented by query modification, producing structurally-optimised queries in an SQL-like language; the queries can then be processed by many database and big data systems. The method and models have been implemented in a prototype Privacy Preferences Tool in collaboration with a large medical records development, and we discuss experiences with focus group evaluations of this tool.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
