Authors: Sigrid Schefer-Wenzl; Mark Strembeck
Addresses: Institute for Information Systems and New Media, WU Vienna, Austria; Competence Center for IT-Security, University of Applied Sciences Campus Vienna, Vienna, Austria | Institute for Information Systems and New Media, WU Vienna, Austria
Abstract: In a mobile computing environment, distributed business processes are executed in varying contexts. Context-aware access control mechanisms help to protect sensitive data and services in mobile application scenarios. Context constraints are a means to consider context information in access control decisions. In this paper, we integrate context constraints with process-related role-based access control (RBAC) to support secure and context-dependent task execution. In particular, we specify a formal metamodel for process-related and context-aware RBAC models. Subsequently, we define a domain-specific extension for UML Activity diagrams that enables the integrated modelling of context constraints and business processes. In addition, we implemented a software platform that enables the specification and enforcement of process-related context-aware RBAC policies.
Keywords: role-based access control; business process modelling; context constraints; object constraint language; security; unified modelling language; UML; context-aware RBAC; mobile business; m-business; metamodels.
International Journal of Wireless and Mobile Computing, 2013 Vol. 6 No. 5, pp. 448-462
Received: 10 Nov 2012
Accepted: 27 Feb 2013
Published online: 28 Oct 2013