Establishing Role-based Access Control in Viewpoint-oriented Variability Management
Tobias Kaufmann, Thorsten Weyer

TL;DR
This paper proposes a formal method to integrate role-based access control with variability modeling in software engineering, enabling explicit and precise control over access to variability information.
Contribution
It introduces a formal integration of access control models with variability modeling languages, extending the latter with formally defined operations for better security management.
Findings
Formal integration of access control and variability modeling achieved
Extended variability modeling language with new formal operations
Enables explicit, formal access control to variability information
Abstract
Process roles are used to structure complex engineering processes in single sys-tems development for many years. Typically, each role has specific responsi-bilities from which certain information demands originate. In the engineering of variable software, role-specific information demands affect variability in-formation. To control the access to the variability information, we suggest us-ing the concepts of an explicit access control model. We integrate an access control model and a variability modeling language on a conceptual level. Ad-ditionally, we extend the variability modeling language by formally defined operations. Based on this extension, we propose a formal integration of an ac-cess control model and the variability modeling language. Our solution allows to explicitly define access control to variability information on a formal basis.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Advanced Software Engineering Methodologies · Software System Performance and Reliability
