The role-based access control system of a European Bank: A case study and discussion

Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)

Volumn , Issue , 2001, Pages 3-9

  Schaad, Andreas ^a   Moffett, Jonathan ^a   Jacob, Jeremy ^a  

^a UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Control principles; Dual control; Inheritance; Least privilege; Number of roles; Role administration; Role based access control; Separation of duties

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; COMPUTER SOFTWARE; CONTROL SYSTEMS; MANAGEMENT; UNIX;

ROLE-BASED ACCESS CONTROL SYSTEMS;

SECURITY OF DATA;

EID: 0035790675     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. Sandhu R., D. Ferraiolo, and R. Kuhn, "The NIST Model for Role-based Access Control: Towards a Unified Standard.". 5th ACM RBAC, Berlin, Germany, 2000.
2. Sandhu R., E. Coyne, H. Feinstein, et al. "Role-based access control models." IEEE Computer, vol. 29, pp. 38-47, 1996.
3. Nyanchama M. and S. Osborn, "The role graph model and conflict of interest." Transactions on Information Systems Security, vol. 2, pp. Pages 3 - 33, 1999.
4. Lupu E., D. Marriott, M. Sloman, and N. Yiaelis, "A policy based role framework for access control.". 1st ACM Workshop on Role-based access control, Gaithersburg, USA, 1996.
5. Epstein P., Sandhu, R., "Towards a UML based approach to role engineering.". 4th ACM ACM Workshop on Role-based access control, Fairfax, VA, USA, 1999.
6. Roeckle H., G. Schimpf, and R. Weidinger, "Process-Oriented Approach for Role-Finding to Implement Role-Based Security Administration in a Large Industrial Organisation.". 5th ACM Workshop on Role-Based access control, Berlin, Germany, 2000.
7. Awischus R., "Role based access control with the security administration manager (SAM).". 2nd ACM Workshop on Role-based access control, Fairfax, VA, USA 1997.
8. Sandhu R., Bhamidipadi, V., "An Oracle Implementation of the PRA97 Model for Permission-Role Assignment.". 3rd ACM Workshop on Role-based access control, Fairfax, VA, 1998.
9. Sandhu R., and Epstein, J., "NetWare 4 as an Example of Role-based access control.". 1st ACM Workshop on Role-based access control, Gaithersburg, USA, 1996.
10. 5th ACM Workshop on Role-based Access Control, Berlin, Germany, 2000.
11. Moffett J.D., "Control Principles and Role Hierarchies.". Third ACM Workshop on Role-based access control, Fairfax, VA, USA, 1998.
12. Schaad A. and J.D. Moffett, "The Incorporation of Control Principles into Access Control Policies (Extended Abstract)." presented at Hewlett Packard Policy Workshop, Bristol, 2001.
13. Sloman M. S. and K. P. Twidle, "Domains: A Framework for Structuring Management Policy." in Network and Distributed Systems Management, M. S. Sloman, Addison Wesley, 1994,
14. Ahn G. and R. Sandhu, "The RSL99 language for role-based separation of duty constraints.". 4th ACM Workshop on Role-based access control, Fairfax, VA, USA, 1999.
15. Jaeger T., "On the increasing importance of constraints.". 4th ACM Workshop on Role-based access control, Fairfax, VA USA, 1999.
16. Tidswell J. and T. Jaeger, "Integrated constraints and inheritance in DTAC." 5th ACM Workshop on Role-based access control, Berlin, Germany, 2000.