DocumentCode
2065927
Title
Verification of access control coherence in information system during modifications
Author
Goncalves, Giles ; Hemery, Fred ; Poniszewska, Aneta
Author_Institution
Univ. d'Artois, Bethune, France
fYear
2003
fDate
9-11 June 2003
Firstpage
232
Lastpage
237
Abstract
The paper deals with the management of access control in an information system. It is suggested that the security of an information system should be a task solved on two principal levels: the system development level and the security administration level. Consequently, the responsibility for creating effective security measures for an information system ought to lie with both the application developer and the global administration. Moreover, sets of security constraints should also be formulated on those two levels. The paper defines the requirements and obligations of each level using adapted tools based on the role-based access control (RBAC) model and employing the object-oriented conception method with UML (Unified Modeling Language). It is shown how the process of adding a new application to an information system may be automated and how the administrator can be assisted in detecting incoherences and/or determining new relations between the elements existing in a system, such as roles or permissions.
Keywords
authorisation; formal verification; information systems; specification languages; Unified Modeling Language; access control coherence; information system security; role-based access control; security administration level; security constraints; system development level; Access control; Collaborative work; Conferences; Information systems; International collaboration;
fLanguage
English
Publisher
ieee
Conference_Titel
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003. WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on
ISSN
1080-1383
Print_ISBN
0-7695-1963-6
Type
conf
DOI
10.1109/ENABL.2003.1231413
Filename
1231413