支持基于对象的访问控制的参数化角色

36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the Pub Date : 2003-02-06 DOI:10.1109/HICSS.2003.1174463

M. Evered

{"title":"支持基于对象的访问控制的参数化角色","authors":"M. Evered","doi":"10.1109/HICSS.2003.1174463","DOIUrl":null,"url":null,"abstract":"The per-method access control lists of standard Internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper, we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.","PeriodicalId":159242,"journal":{"name":"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Supporting parameterised roles with object-based access control\",\"authors\":\"M. Evered\",\"doi\":\"10.1109/HICSS.2003.1174463\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The per-method access control lists of standard Internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper, we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.\",\"PeriodicalId\":159242,\"journal\":{\"name\":\"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-02-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HICSS.2003.1174463\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HICSS.2003.1174463","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

标准Internet技术的每个方法访问控制列表只允许表达和执行简单形式的访问控制。它们也不能对持久数据强制执行严格的“需要知道”视图。实际应用程序需要更灵活的安全约束，包括参数限制、访问日志记录和依赖于状态的访问约束。特别是，参数化角色的概念，作为细粒度访问规则规范和遵从隐私法的核心，应该以自然的方式得到支持。在本文中，我们演示了如何使用基于对象的方法来使用括号功能机制来强制各种类型的访问约束，包括酌情的，强制的和参数化的基于角色的访问控制。我们给出了一个卫生信息系统的例子，该系统包括安全的患者访问和适当的医疗和行政人员的安全访问。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Supporting parameterised roles with object-based access control

The per-method access control lists of standard Internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper, we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the

自引率

0.00%

发文量