# Establishing Role-based Access Control in Viewpoint-oriented Variability   Management

**Authors:** Tobias Kaufmann, Thorsten Weyer

arXiv: 1703.02754 · 2017-03-09

## TL;DR

This paper proposes a formal method to integrate role-based access control with variability modeling in software engineering, enabling explicit and precise control over access to variability information.

## Contribution

It introduces a formal integration of access control models with variability modeling languages, extending the latter with formally defined operations for better security management.

## Key findings

- Formal integration of access control and variability modeling achieved
- Extended variability modeling language with new formal operations
- Enables explicit, formal access control to variability information

## Abstract

Process roles are used to structure complex engineering processes in single sys-tems development for many years. Typically, each role has specific responsi-bilities from which certain information demands originate. In the engineering of variable software, role-specific information demands affect variability in-formation. To control the access to the variability information, we suggest us-ing the concepts of an explicit access control model. We integrate an access control model and a variability modeling language on a conceptual level. Ad-ditionally, we extend the variability modeling language by formally defined operations. Based on this extension, we propose a formal integration of an ac-cess control model and the variability modeling language. Our solution allows to explicitly define access control to variability information on a formal basis.

---
Source: https://tomesphere.com/paper/1703.02754