ACM Workshop on Role-Based Access Control: Latest Papers

Dynamic rights: safe extensible access control
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319182
Jonathon Tidswell, G. Outhred, John Michael Potter
Abstract: Extensible systems such as micro-kernels and component architectures push current security models to the limit. A number of dynamic access control models have been developed but all fail to ensure safety, especially of large scale configurations. In previous work we have developed a dynamic typed access control (DTAC) model that supports generalised security configuration descriptions based on subject and object types. This model includes a security invariant to ensure safety in the presence of change. In this paper we investigate the use of structured subject types, structured object types and structured rights to simplify both modelling and safety enforcement within DTAC. Structuring all aspects of the access control relation is both promising and novel.
Citations: 4
Managing trust between collaborating companies using outsourced role based access control
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319181
T. Hildmann, Jörg Barholdt
Abstract: In this document we describe an approach for modelling large organisations applying an RBAC-schema to control access to remote services of the organisation. The model is object-oriented, non-hierarchical and divides the organisation into different contexts (posts, groups, persons, services, resources) in which roles are defined local to that context. We explicitly address the problem of access controlling the policy information itself by using the same means as for external resources. Therefore, this approach enables policy information of each context to be managed by another person, namely the one responsible for that very resource context, and makes it superior over strict hierarchical models. The first version of our model was designed to manage the access in one defined organisation. This paper will show how this concept is expanded so that it can also be used for access control between collaborating companies. As an example we will show how an electronic market place can be modelled and each partner in that marketplace can manage access policies to his catalogues, prices, discount rules, orders, etc. on his own while the integrity of the whole marketplace is assured.
Citations: 17
SecureFlow: a secure Web-enabled workflow management system
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319179
Wei-kuang Huang, V. Atluri
Abstract: The objective of this paper is to present a web-based Workflow Management System (WFMS), called SecureFlow that can serve as a framework for specification and enforcement of complex security policies within a workflow, such as separation of duties. The main advantage of SecureFlow is that it uses a simple 4GL language such as SQL to specify authorization constraints, thereby improving flexibility and user-friendliness. Due to the modular nature of the SecureFlow architecture, the security specification and enforcement modules can be layered on top of existing workflow systems that do not provide adequate support for security. SecureFlow relies on the Workflow Authorization Model (WAM) recently proposed by Atluri and Huang.
Citations: 110
Supporting relationships in access control using role based access control
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319177
John F. Barkley, K. Beznosov, Jinny Uppal
Abstract: The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between entities, such as, the user, the object to be accessed, and the subject of the information contained within the object. Such relationships are often not efficiently represented using traditional static security attributes centrally administered. Furthermore, the extension of RBAC models to include relationships obscures the fundamental RBAC metaphor. This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group’s (OMG) Resource Access Decision facility (RAD). This facility allows relationship information, which can dynamically change as part of normal application processing, to be used in access decisions by applications. By using RAD, the access decision logic is separate from application logic. In addition, RAD allows access decision logic from different models to be combined into a single access decision. Each access control model is thus able to retain its metaphor.
Citations: 108
The RSL99 language for role-based separation of duty constraints
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319176
Gail-Joon Ahn, R. Sandhu
Abstract: Separation of duty (SOD) is a fundamental technique for prevention of fraud and errors, known and practiced long before the existence of computers. It is discussed at several places in the literature, but there has been little work on specifying SOD policies in a systematic way. This paper describes a framework for specifying separation of duty and conflict of interest policies in role-based systems. To specify these policies, we need an appropriate language. We propose an intuitive formal language which uses system functions and sets as its basic elements. The semantics for this language is defined by its translation to a restricted form of first order predicate logic. We show how previously identified SOD properties can be expressed in our language. Moreover, we show there are other significant SOD properties which have not been previously identified in the literature. Unlike much of the previous work, this paper deals with SOD in the presence of role hierarchies. Our work shows that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. Our language provides us a rigorous foundation for systematic study of SOD properties.
*This work is partially supported by grants from the National Science Foundation and the National Security Agency at the Laboratory for Information Security Technology at George Mason University. All correspondence should be addressed to Ravi Sandhu, ISE Department, Mail Stop 4A4, George Mason University, Fairfax, VA 22030, sandhu@isse.gmu.edu, www.list.gmu.edu.
RBAC '99, 10/99, Fairfax, VA, USA
Citations: 150
On the increasing importance of constraints
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319175
T. Jaeger
Abstract: In this paper, we examine how the addition of role-based access control (RBAC) model features affect the complexity of the RBAC constraint models. Constraints are used in RBAC models to constrain the assignment of permissions and principals to roles (among other things). Historically, it was assumed that the role assignments would change rather infrequently, so only a few constraints were necessary. Given new RBAC features, such as context-sensitive roles, the complexity of the restrictions that can be required is increasing because the role definitions may depend on application state. As application state changes, so do the role assignments. We examine the RBAC constraint problem using an example of a virtual university. We propose RBAC model features for simplifying the representation of constraints given our experience with this example.
Citations: 78
RBAC on the Web by smart certificates
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319172
Joon S. Park, R. Sandhu
Abstract: We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates which hold the subjects' role information and configured a Web server to use the role information in the certificate instead of identities for its access control mechanism. Since the subjects' role information is provided integrity, the Web server can trust the role information after authentication and certificate verification by SSL, and uses it for role-based access control. To maintain compatibility with existing technologies, such as SSL, we used a bundled (containing the subject's identity and role information) smart certificate in the user-pull model.
Citations: 61
Attribute certification: an enabling technology for delegation and role-based controls in distributed environments
ACM Workshop on Role-Based Access Control Pub Date : 1999-10-28 DOI: 10.1145/319171.319183
J. Linn, Magnus Nyström
Abstract: In order to implement role-based controls in operational environments, they must be represented and managed in a secure manner, desirably leveraging other security infrastructure elements. Attribute certification is an emerging technology area, extending authentication-oriented public-key infrastructures (PKIs) to support authorization facilities. It allows a wide range of authorization decision criteria to be managed in a coordinated fashion. In particular, it offers facilities that can be applied usefully and effectively to manage and delegate role-related attributes within distributed and mutually suspicious computing environments, minimizing unnecessary trust in intermediaries. As such, its definition and adoption affords opportunities for increasing support of role-based policies. Consistent with separation of duties, it allows attribute management to be separated from identity and user management. This paper considers aspects of attribute certification, examines current proposals in the area, and assesses the technology’s value for controlled support of delegation and role-based policies within distributed environments.
Citations: 46
Requirements for access control: US Healthcare domain
ACM Workshop on Role-Based Access Control Pub Date : 1998-10-01 DOI: 10.1145/286884.286892
K. Beznosov
Abstract: The differences in the requirements of disclosing patient information from state to state, the diversity in healthcare providers' business models, the increased rate of merges, and the upcoming federal regulations in healthcare make access control requirements a moving target for application developers and healthcare enterprise designers and administrators. We suggest two major design principles for access control infrastructure deployed in the healthcare enterprises: isolation of the application logic from the authorization logic and centralized administration of the authorization logic. Application systems and healthcare enterprises constructed according to these two principles will be able to accommodate changes in access control logic and will enforce a uniform access control model across an enterprise. However, the complexity and instability of the healthcare access control model makes the task of applying these design principles somewhat difficult. The notion of roles and their hierarchies help to alleviate complexity of controlling access to patient data, but it has to be used in conjunction with other information, such as affiliation, relationship, location and so on. We identified the following factors that have to be used to make elaborate authorization decisions in order to comply with patient information disclosure requirements:
Citations: 41
How to do discretionary access control using roles
ACM Workshop on Role-Based Access Control Pub Date : 1998-10-01 DOI: 10.1145/286884.286893
R. Sandhu, Q. Munawer
Abstract: Role-based access control (RBAC) is a promising alternative to traditional discretionary access control (DAC) and mandatory access control (MAC). The central idea of RBAC is that permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. RBAC is policy neutral in that the precise policy being enforced is a consequence of how various components of RBAC, such as role hierarchies, constraints and administration of user-role and role-permission assignment, are configured. This raises the important question as to whether RBAC is sufficiently powerful to simulate DAC and MAC. Simulation of MAC in RBAC has been demonstrated earlier by Nyanchama and Osborn and by Sandhu. In this paper we demonstrate how to simulate several variations of DAC in RBAC, using the well-known RBAC96 model of Sandhu et al. In combination with earlier work we conclude that RBAC encompasses both MAC and DAC.
Citations: 178