ABAC Requirements Engineering for Database Applications

Jim Longstaff, Mengda He

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We show how complex privacy requirements can be represented and processed by an extended model of Attribute Based Access Control (ABAC), working with a simple database applications pattern. During application model development, most likely based on UML (e.g. Use Case, Class Diagrams), the analyst and possibly the end user specifies ABAC permissions, and then verifies their effect by running queries on the target data. The ABAC model supports positive and negative permissions, “break glass” overrides of negative permissions, and message/alert generation. The permissions combining algorithms are based on relational database optimisation, and permissions processing is implemented by query modification, producing structurally-optimised queries in an SQL-like language; the queries can then be processed by many database and big data systems. The method and models have been implemented in a prototype Privacy Preferences Tool in collaboration with a large medical records development, and we discuss experiences with focus group evaluations of this tool.
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: 2019 13th International Symposium on Theoretical Aspects of Software Engineering
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 33 - 40
Number of pages: 8
ISBN (Electronic): 9781728133423
Publication status: Published - 29 Jul 2019
Event: The 13th International Symposium on Theoretical Aspects of Software Engineering - Guilin, China
Duration: 29 Jul 2019 to 1 Aug 2019
http://www.se.gxnu.edu.cn/tase2019/

Conference

Conference: The 13th International Symposium on Theoretical Aspects of Software Engineering
Country: China
City: Guilin
Period: 29/07/19 to 1/08/19
Cite this

Longstaff, J., & He, M. (2019). ABAC Requirements Engineering for Database Applications. In Proceedings: 2019 13th International Symposium on Theoretical Aspects of Software Engineering (pp. 33 - 40). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/TASE.2019.00-22