Role engineering: From design to evolution of security schemes

This paper presents a methodology to design the RBAC (Role-Based Access Control) scheme during the design phase of an Information System. Two actors, the component developer and the security administrator, will cooperate to define and set up the minimal set of roles in agreement with the application constraints and the organization constraints that guarantee the global security policy of an enterprise. In order to maintain the global coherence of the existing access control scheme, an algorithm is proposed to detect the possible inconsistencies before the integration of a new component in the Information System.