An approach to engineer and enforce context constraints in an RBAC environment

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn , Issue , 2003, Pages 65-79

  Neumann, Gustaf ^a   Strembeck, Mark ^a  

^a VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION MANAGEMENT; METADATA; OBJECT ORIENTED PROGRAMMING; SOFTWARE ENGINEERING; WORLD WIDE WEB; XML;

CONTEXT CONSTRAINT; ROLE BASED ACCESS CONTROL;

SECURITY OF DATA;

EID: 0242625198     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/775418.775421     Document Type: Conference Paper

References (41)

1. N.R. Adam, V. Atluri, E. Bertino, and E. Ferrari. A Content-Based Authorization Model for Digital Libraries. IEEE Transactions on Knowledge and Data Engineering, 14(2), March/April 2002.
2. G.J. Ahn and R. Sandhu. Role-based Authorization Constraints Specification. ACM Transactions on Information and System Security, 3(4), November 2000.
3. A.I. Antón. Goal-Based Requirements Analysis. In Proc. of the IEEE International Conference on Requirements Engineering (ICRE), April 1996.
4. K. Apt, H. Blair, and A. Walker. Towards a theory of declarative knowledge. In J. Minker, editor, Foundations of Deductive Databases and Logic Programming. Morgan Kaufman Publishers, 1988.
5. J. Bacon, M. Lloyd, and K. Moody. Translating Role-Based Access Control Policy within Context. In Proc. of the International Workshop on Policies for Distributed Systems and Networks, LNCS 1995, Springer Verlag, January 2001.
6. J. Barkley, K. Beznosov, and J. Uppal. Supporting Relationships in Access Control Using Role Based Access Control. In Proc. of ACM Workshop on Role Based Access Control, 1999.
7. E. Bertino, P.A. Bonatti, and E. Ferrari. TRBAC: A Temporal Role-based Access Control Model. In Proc. of the ACM Workshop on Role-Based Access Control, 2000.
8. E. Bertino, P.A. Bonatti, and E. Ferrari. TRBAC: A Temporal Role-based Access Control Model. ACM Transactions on Information and System Security, 4(3), August 2001.
9. E. Bertino, E. Ferrari, and V. Atluri. The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security, 2(1), February 1999.
10. J. Clark and S. DeRose. XML Path Language (XPath). http://www.w3.org/TR/xpath, November 1999. W3 Consortium Recommendation.
11. E. Cohen, R.K. Thomas, W. Winsborough, and D. Shands. Models for Coalition-based Access Control (CBAC). In Proc. of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2002.
12. M.J. Covington, W. Long, S. Srinivasan, A.K. Dey, M. Ahamad, and G.D. Abowd. Securing Context-Aware Applications Using Environment Roles. In Proc. of the ACM Symposium on Access Control Models and Technologies (SACMAT), May 2001.
13. A.K. Dey. Understanding and Using Context. Personal and Ubiquitous Computing, Springer Verlag, 5(1), 2001.
14. G. Edjlali, A. Acharya, and V. Chaudhary. History-based Access Control for Mobile Code. In Proc. of the Fifth ACM Conference on Computer and Communications Security (CCS), November 1998.
15. D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security, 4(3), August 2001.
16. E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1995.
17. C.K. Georgiadis, I. Mavridis, G. Pangalos, and R.K. Thomas. Flexible Team-Based Access Control Using Contexts. In Proc. of the ACM Symposium on Access Control Models and Technologies (SACMAT), May 2001.
18. L. Giuri and P. Iglio. Role Templates for Content-Based Access Control. In Proc. of the ACM Workshop on Role-Based Access Control, 1997.
19. T. Jaeger. On the Increasing Importance of Constraints. In Proc. of the ACM Workshop on Role-Based Access Control, 1999.
20. T. Jaeger, A. Prakash, J. Liedtke, and N. Islam. Flexible Control of Downloaded Executable Content. ACM Transactions on Information and System Security, 2(2), May 1999.
21. S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian. Flexible Support for Multiple Access Control Policies. ACM Transactions on Database Systems, 26(2), June 2001.
22. M. Jarke, X.T. Bui, and J.M. Carroll. Scenario management: An interdisciplinary approach. Requirements Engineering Journal, 3(3/4), 1998.
23. M.H. Kang, J.S. Park, and J.N. Froscher. Access Control Mechanisms for Inter-Organizational Workflow. In Proc. of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2001.
24. W. Kim, S. Graupner, A. Sahai, D. Lenkov, C. Chudasama, S. Whedbee, Y. Luo, B. Desai, H. Mullings, and P. Wonng. Web E-Speak: Facilitating Web-Based E-Services. IEEE Multimedia, 9(1), 2002.
25. G. Neumann and M. Strembeck. Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. In Proc. of the 8th ACM Conference on Computer and Communications Security (CCS), November 2001.
26. G. Neumann and M. Strembeck. A Scenario-driven Role Engineering Process for Functional RBAC Roles. In Proc. of 7th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2002.
27. G. Neumann and U. Zdun. XOTcl, an Object-Oriented Scripting Language. In Proc. of Tcl2k: 7th USENIX Tcl/Tk Conference, February 2000.
28. U. Nitsche, R. Holbein, O. Morger, and S. Teufel. Realization of a Context-Dependent Access Control Mechanism on a Commercial Platform. In Proc. of the 14th International Information Security Conference (IFIP/SEC), September 1998.
29. J.K. Ousterhout. Tcl and the Tk Toolkit. Addison-Wesley, 1994.
30. C.E. Philips, T. C. Ting, and S.A. Demurjian. Information Sharing and Security in Dynamic Coalitions. In Proc. of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2002.
31. C. Rolland, G. Grosz, and R. Kla. Experience with Goal-Scenario coupling in Requirements Engineering. In Proc. of the IEEE International Symposium on Requirements Engineering (RE), 1998.
32. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. IEEE Computer, 29(2), February 1996.
33. A. Schmidt, M. Beigl, and H.W. Gellersen. There is more to context than location. Computers & Graphics, Elsevier, 23(6), December 1999.
34. R.K. Thomas. Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In Proc. of the ACM Workshop on Role Based Access Control, 1997.
35. R.K. Thomas and R.S. Sandhu. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proc. of the IFIP WG11.3 Conference on Database Security, August 1997.
36. A. van Lamsweerde. Goal-Oriented Requirements Engineering: A Guided Tour. In Proc. of the 5th IEEE International Symposium on Requirements Engineering (RE), August 2001.
37. A. van Lamsweerde and E. Letier. Handling Obstacles in Goal-Oriented Requirements Engineering. IEEE Transactions on Software Engineering, 26(10), October 2000.
38. W. Wang. Team-and-Role-Based Organizational Context and Access Control for Cooperative Hypermedia Environments. In Proc. of the ACM Conference on Hypertext and Hypermedia, 1999.
39. M. Weiser. The Computer for the 21st Century. Scientific American, 265(3), September 1991.
40. M. Weiser. Some Computer Science Issues in Ubiquitous Computing. Communications of the ACM, 36(7), July 1993.
41. W. Yao, K. Moody, and J. Bacon. A Model of OASIS Role-Based Access Control and its Support for Active Security. In Proc. of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2001.