DocumentCode
2906052
Title
Conceptualizing a responsibility based approach for elaborating and verifying RBAC policies conforming with CobiT framework requirements
Author
Feltus, Christophe ; Dubois, Eric ; Petit, Michaël
Author_Institution
Public Res. Center Henri Tudor, Luxembourg-Kirchberg, Luxembourg
fYear
2010
fDate
28-28 Sept. 2010
Firstpage
34
Lastpage
43
Abstract
The objective of this paper is to present the first results toward the definition of a two-step approach for aligning business-level requirements issued from corporate frameworks such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of responsibility throughout company frameworks, from CEO responsibilities, such as those in the financial sector defined by the Sarbanes-Oxley Act, down to responsibility at the operational layer, such as that of a trader who must follow stock quotes for private banking. The approach is illustrated with an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.
Keywords
authorisation; business data processing; formal verification; CobiT framework requirements; RBAC policies; Sarbanes-Oxley Act; business level requirements; business-IT alignment method; responsibility based approach; role based access control; Companies; Humans; Permission; Unified modeling language; Access right; Alignment; CobiT; RBAC; Requirement engineering; Responsibility; Traceability;
fLanguage
English
Publisher
ieee
Conference_Titel
Requirements Engineering and Law (RELAW), 2010 Third International Workshop on
Conference_Location
Sydney, NSW
Print_ISBN
978-1-4244-8761-5
Electronic_ISBN
978-1-4244-8760-8
Type
conf
DOI
10.1109/RELAW.2010.5625355
Filename
5625355