ACM Workshop on Role-Based Access Control: Latest Papers

A model of accountability, confidentiality and override for healthcare and other applications
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344304
J. Longstaff, M. Lockyer, M. Thick
Abstract: A UML model of Authorisation is described, which was developed for an Electronic Medical Records application in collaboration with the UK NHS Information Authority. The model is an enhancement of the UK Healthcare Model (HcM), in that it provides extra classes for use with HcM classes. It provides powerful confidentiality specification capabilities, which can also be used in other applications.
A Role (actually called AgentActivityType for consistency with the HcM) may be directly associated with an Accountability. An Accountability is an agreement where one Party commissions a second Party to undertake Activities under the authority of that Accountability.
Four types of Confidentiality Permission are defined which allow access to data items (SubjectPhenomena), or to data items with specific types (SubjectPhenomenonType). Access can be granted to individual Agents, or to AuthorizedAgents acting in specified Roles. A model of override allows the Confidentiality Permissions to be overridden in a strictly controlled way. Override facilities are granted to Agents by establishing appropriate Accountabilities, and any use of override is logged.
Access to data can be granted to groups of Agents, and to groups of Roles. Establishing access rights for a group involves defining a set of Confidentiality Permissions for the group.
The Authorisation Model is illustrated throughout the paper by examples from healthcare. In particular a demanding scenario (child abuse) is presented. In this scenario complex restrictions must be placed on the data, which might result in inappropriate actions if clinicians and other professionals are denied access to the data.
Citations: 29
Injecting RBAC to secure a Web-based workflow system
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344295
Gail-Joon Ahn, R. Sandhu, Myong H. Kang, Joon S. Park
Abstract: Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describe an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architectures such as server-pull with LDAP (Lightweight Directory Access Protocol).
Citations: 112
The NIST model for role-based access control: towards a unified standard
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344301
R. Sandhu, David F. Ferraiolo, R. Kuhn
Abstract: This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features—constraints and symmetry—is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.
Citations: 1033
Integrated constraints and inheritance in DTAC
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344307
Jonathon Tidswell, T. Jaeger
Abstract: Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.
Citations: 25
Role delegation in role-based access control
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344300
S. Na, Suh-Hyun Cheon
Abstract: In distributed-computing environments, applications or users have to share resources and communicate with each other to perform their jobs more efficiently. For better performance, it is important to keep resources and the information integrity from the unexpected use by unauthorized users. Therefore, there is a strong demand for the authentication and the access control of distributed-shared resources. Nowadays, three kinds of access control, discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), have been proposed. In RBAC, there are role hierarchies in which a senior role can perform the permission of a junior role. However, it is sometimes necessary for a junior role to perform a senior role’s permission, which is not allowed basically by a junior role. In this paper, we will propose a role delegation method, consisting of a role delegation server and role delegation protocols. We divide the delegation into two by the triggered object: active delegation and passive delegation. Consequently, a junior role can gain a senior role’s permissions.
Citations: 83
Modeling users in role-based access control
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344299
Sylvia L. Osborn, Yuxia Guo
Abstract: The essential properties of a simple model for users, groups and group hierarchies for role-based access control, embodied in a group graph, are presented. The interaction between the group graph and the role graph model of Nyanchama and Osborn is shown. More complex models of users and their compatibility with the group graph model are discussed.
Citations: 63
Role-finding/role-engineering (panel session)
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344303
Haio Roeckle
Abstract: Role-Engineering is recognized as an important part of the implementation of RBAC in real life organizations. It is therefore an interesting part of the research on RBAC. In the past several years, authors have contributed to the discussion on role-engineering in different environments and with different approaches. In large business companies it is often said the roles are present somewhere within the business organization and need only be found. That's where the expression Role-Finding arose.
Citations: 8
Engineering authority and trust in cyberspace: the OM-AM and RBAC way
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344309
R. Sandhu
Abstract: Information systems of the future will be large-scale, highly decentralized, pervasive, span organizational boundaries and evolve rapidly. Effective security in this cyberspace will require engineering authority and trust relationships across organizations and individuals. In this paper we propose the four-layer OM-AM framework for this purpose. OM-AM comprises objective, model, architecture and mechanism layers in this sequence. The objective and model (OM) layers articulate what the security objective and tradeoffs are, while the architecture and mechanism (AM) layers address how to meet these requirements. The hyphen in OM-AM emphasizes the shift from what to how. These layers are roughly analogous to a network protocol stack with a many-to-many relationship between successive layers, and most certainly do not imply a top-down waterfall-style software engineering process. OM-AM is an excellent match to the policy-neutral and flexible nature of role-based access control (RBAC). This paper describes and motivates the OM-AM framework and presents a case study in applying it in a distributed RBAC application.
Citations: 77
Enabling technologies for role based online decision engines
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344305
T. Gebhardt, T. Hildmann
Abstract: The implementation of an RBAC system at the TUB led us towards a specific meaning of role-based access control, where decisions regarding user permissions are based on online evaluations of a distributed RBAC model; we call this approach role-based online decision (RoBOD). Requirements of our project partners and the integration of our solution into application environments showed that a number of enabling technologies, i.e. authentication and secure communication, are necessary to employ RBAC in networked application architectures.
Citations: 3
Rebuttal to the NIST RBAC model proposal
ACM Workshop on Role-Based Access Control Pub Date : 2000-07-26 DOI: 10.1145/344287.344302
T. Jaeger, Jonathon Tidswell
Abstract: In this abstract, we rebut the proposed RBAC unified reference model as defined by Sandhu, Ferraiolo, and Kuhn [4]. As a unified reference model, this proposal simply re-enforces some of the concepts that are fundamental to RBAC (i.e., roles, users, and permissions) without clarifying the more complex concepts. Also, the definitions of the concepts are too informal to drive any useful standards proposal. We suggest formalizing the base concepts, including the addition of role administration, and that more work is necessary for constraints to be useful.
Citations: 24