Design and specification of role based access control policies

IEE Proceedings - Software

The authors describe a language-based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. They discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. The basic constructs of the language are discussed, and the language is used to specify several access control policies, such as role based access control, static and dynamic separation of duty, delegation, and joint action based access policies. The language is flexible and is able to capture meta-level operations, and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.

http://iet.metastore.ingenta.com/content/journals/10.1049/ip-sen_20000792