基于分区规则访问控制(PRBAC)的企业安全应用

Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises Pub Date : 1997-06-18 DOI:10.1109/ENABL.1997.630827

Marta Teresa Acevedo, D. Fillingham, John Lucas Nicolettos

{"title":"基于分区规则访问控制(PRBAC)的企业安全应用","authors":"Marta Teresa Acevedo, D. Fillingham, John Lucas Nicolettos","doi":"10.1109/ENABL.1997.630827","DOIUrl":null,"url":null,"abstract":"As commercial enterprises increase their dependency on electronically managed information and compete in global markets, the misuse or loss of enterprise information can cause significant damage to the economic well-being of an enterprise as well as the nation. This paper draws parallels between military and business enterprise access control needs and examines partition rule-based access control (PRBAC) as a potential technology solution to the needs of both communities. PRBAC is an access control technology that allows a user to have access to information as a function of the sensitivity of the information and individual authorizations, based on a user-defined security policy. A user gains access to information as a result of an access control decision which compares sensitivities conveyed in data security labels to authorizations conveyed in user public-key certificates.","PeriodicalId":334410,"journal":{"name":"Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Enterprise security applications of partition rule based access control (PRBAC)\",\"authors\":\"Marta Teresa Acevedo, D. Fillingham, John Lucas Nicolettos\",\"doi\":\"10.1109/ENABL.1997.630827\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As commercial enterprises increase their dependency on electronically managed information and compete in global markets, the misuse or loss of enterprise information can cause significant damage to the economic well-being of an enterprise as well as the nation. This paper draws parallels between military and business enterprise access control needs and examines partition rule-based access control (PRBAC) as a potential technology solution to the needs of both communities. PRBAC is an access control technology that allows a user to have access to information as a function of the sensitivity of the information and individual authorizations, based on a user-defined security policy. A user gains access to information as a result of an access control decision which compares sensitivities conveyed in data security labels to authorizations conveyed in user public-key certificates.\",\"PeriodicalId\":334410,\"journal\":{\"name\":\"Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1997-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ENABL.1997.630827\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.1997.630827","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

随着商业企业越来越依赖于电子管理信息，并在全球市场上竞争，企业信息的滥用或丢失会对企业和国家的经济福祉造成重大损害。本文比较了军事和商业企业访问控制需求之间的相似之处，并研究了基于分区规则的访问控制(PRBAC)作为满足这两个群体需求的潜在技术解决方案。PRBAC是一种访问控制技术，它基于用户自定义的安全策略，根据信息的敏感性和个人授权的不同，允许用户访问信息。用户通过访问控制决策获得对信息的访问权限，该决策将数据安全标签中传递的敏感性与用户公钥证书中传递的授权进行比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enterprise security applications of partition rule based access control (PRBAC)

As commercial enterprises increase their dependency on electronically managed information and compete in global markets, the misuse or loss of enterprise information can cause significant damage to the economic well-being of an enterprise as well as the nation. This paper draws parallels between military and business enterprise access control needs and examines partition rule-based access control (PRBAC) as a potential technology solution to the needs of both communities. PRBAC is an access control technology that allows a user to have access to information as a function of the sensitivity of the information and individual authorizations, based on a user-defined security policy. A user gains access to information as a result of an access control decision which compares sensitivities conveyed in data security labels to authorizations conveyed in user public-key certificates.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises

自引率

0.00%

发文量