Title: Modelling context-aware RBAC models for mobile business processes

Authors: Sigrid Schefer-Wenzl; Mark Strembeck

Addresses: Institute for Information Systems and New Media, WU Vienna, Austria; Competence Center for IT-Security, University of Applied Sciences Campus Vienna, Vienna, Austria ' Institute for Information Systems and New Media, WU Vienna, Austria

Abstract: In a mobile computing environment, distributed business processes are executed in varying contexts. Context-aware access control mechanisms help to protect sensitive data and services in mobile application scenarios. Context constraints are a means to consider context information in access control decisions. In this paper, we integrate context constraints with process-related role-based access control (RBAC) to support the secure and context-dependent task execution. In particular, we specify a formal metamodel for process-related and context-aware RBAC models. Subsequently, we define a domain-specific extension for UML Activity diagrams that enables the integrated modelling of context constraints and business processes. In addition, we implemented a software platform that enables the specification and enforcement of process-related context-aware RBAC policies.

Keywords: role-based access control; business process modelling; context constraints; object constraint language; security; unified modelling language; UML; context-aware RBAC; mobile business; m-business; metamodels.

DOI: 10.1504/IJWMC.2013.057387

International Journal of Wireless and Mobile Computing, 2013 Vol.6 No.5, pp.448 - 462

Received: 10 Nov 2012
Accepted: 27 Feb 2013

Published online: 28 Oct 2013 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article