Information flow analysis on role-based access control model

Information Management and Computer Security

Volumn 10, Issue 5, 2002, Pages 225-236

  Zhang, Chang N ^a   Yang, Cungang ^a  

^a UNIVERSITY OF REGINA   (Canada)

Author keywords

Access control; Information systems; Object oriented computing; Security

Indexed keywords

ALGORITHMS; AUTONOMOUS AGENTS; COMPUTER SIMULATION; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC COMMERCE; INFORMATION DISSEMINATION; OBJECT ORIENTED PROGRAMMING; SECURITY OF DATA;

DISCRETIONARY ACCESS CONTROL; INFORMATION FLOW ANALYSIS; MANDATORY ACCESS CONTROL; OBJECT ORIENTED COMPUTING; OBJECT ORIENTED ROLE BASED ACCESS CONTROL; ROLE ASSIGNMENT METHOD;

INFORMATION ANALYSIS;

EID: 0036434226     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220210446579     Document Type: Article

References (18)

1. Bell, D.E. and Lapadula, L.J. (1975) Secure Computer Systems: Mathematical Foundations and Model, M74-244, Mitre Corporation, Bellford, MA.
2. Denning, D.E. (1976), "A lattice model of secure information flow", Communications of the ACM, Vol. 19, No. 5, pp. 236-43.
3. Dennning, D.E. and Denning, P.J. (1997), "Certification of programs for secure information flow", Communications of the ACM, Vol. 20, No. 7, pp. 504-13.
4. Ferraiolo, D., Cugini, J. and Kulin, D.R. (1995), "Role based access control: features and motivation", Annual Computer Security Applications Conference, IEEE Computer Society Press, Piscataway, NJ.
5. Jajodia, S. and Kogan, B. "Integrating an object-oriented data model with multilevel security", Proceedings of 1990 Symposium on Res. in Security and Privacy, IEEE Computer Society Press, Piscataway, NJ, pp. 76-85.
6. Lampson, B.W. (1973) "A note on the confinement problem", Communications of ACM, Vol. 16 No. 10, pp. 613-5.
7. Osborn, S. (1997) "Mandatory access control and role-based access control revisited", Proceedings of the Second ACM Workshop on Role-based Access Control, pp. 31-40.
8. Osborn, S., Sandhu, R. and Munawer (2000) "Configuring role-based access control to enforce mandatory and discretionary access control policies", ACM Transactions on Information and System Security, Vol. 3 No. 2, pp. 85-106.
9. Potter, F. and conchon, S. (2000) "Information flow in inference for free", ICFP00, ACM, New York, NY, pp. 46-57.
10. Sandhu, R. (1996c) "Role hierarchies and constraints for lattice, based access control", Computer Security-ESORICS 96, Springer Verlag, Lecture Notes 1146, pp. 65-79.
11. Sandhu, R. and Bhamidipati, V. (1997), "The ARBAC97 model for role-based administration of roles: preliminary description and outline", Second ACM Workshop on Role-based Access Control, Fairfax, VA, pp. 41-54.
12. Sandhu, R., Coyne, F.J. and Youman, C.E. (Eds.) (1996a), Proceedings of the First ACM Workshop on Role-based Access Control, ACM. New York, NY.
13. Sandhu, R., Coyne, E.J., Feinstein, H.L. and Youman, C.E. (1996b), "Role based access control models", IEEE Computer, Vol. 29, No. 2, pp. 38-47.
14. Smith, G. (2001), "A new type system for secure information flow", Proceedings of 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, pp. 115-25.
15. Trent Jaeger, F. (1997), "A role-based access control model for protection domain derivation and management", 2nd ACM Workshop on Role-based Access Control, Fairfax, VA, November, pp. 95-108.
16. UML Resource Center (n.dd.), United Modeling Language, UML Resource Center, available at: www.rational.com/UML/
17. Zhang, C.N. and Yang, C. (2001a), "Specification and enforcement of object-oriented RBAC model", 2001 IEEE Canadian Conference on Electrical and Computer Engineering, Toronto, pp. 128-35.
18. Zhang, C.N. and Yang, C. (2001b), "An object-oriented RBAC model for distributed systems", 2001 IEEE/IFIP Conference on Software Architecture, WICSA 2001, pp. 24-32.