Administration in role-based access control

Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07

Volumn , Issue , 2007, Pages 127-138

  Li, Ninghui ^a   Mao, Ziqing ^a  

^a Purdue University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

LARGE SCALE SYSTEMS; MATHEMATICAL MODELS; PROBLEM SOLVING; REQUIREMENTS ENGINEERING;

ADMINISTRATIVE MODELS; PSYCHOLOGICAL ACCEPTABILITY; SECURITY MECHANISMS;

ACCESS CONTROL;

EID: 34748917648     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1229285.1229305     Document Type: Conference Paper

References (30)

1. ANSI. American national, standard for information technology - role based access control. ANSI INCITS 359-2004, Feb. 2004.
2. R. W. Baldwin. Naming and grouping privileges to simplify security management in large databases. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 116-132, May 1990.
3. J. Crampton. Understanding and developing role-based administrative models. In Proc. ACM Conference on Computer and Communications Security (CCS), pages 158-167, Nov. 2005.
4. J. Crampton and G. Loizou. Administrative scope and role hierarchy operations. In Proceedings of Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pages 145-154, June 2002.
5. J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, 6(2):201-231, May 2003.
6. D. F. Ferraiolo, R. Chandramouli, G.-J. Ahn, and S. Gavrila. The role control center: Features and case studies. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, June 2003.
7. D. F. Ferraiolo, J. A. Cuigini, and D. R. Kuhn. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC95), Dec. 1995.
8. D. F. Ferraiolo and D. R. Kuhn. Role-based access control. In Proceedings of the 15th National Information Systems Security Conference, 1992.
9. D. F. Ferraiolo, R. S. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security, 4(3):224-274, Aug. 2001.
10. L. Giuri and P. Iglio. Role templates for content-based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC'97), pages 153-159, Nov. 1997.
11. A. Kern. Advanced features for enterprise-wide role-based access control. In Proceedings of the 18th Annual Computer Security Applications Conference, pages 333-343, Dec. 2002.
12. A. Kern, A. Schaad, and J. Moffett. An administration concept for the enterprise role-based access control model. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT2003), pages 3-11, June 2003.
13. N. Li, J. C Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130. IEEE Computer Society Press, May 2002.
14. A. D. Marshall. A financial institution's legacy mainframe access control system in light of the proposed. NIST RBAC standard. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), pages 382-390, 2002.
15. J. D. Moffett. Control principles and role hierarchies. In Proceedings of the Third ACM Workshop on Role-Based Access Control (RBAC 1998), Oct. 1998.
16. J. D. Moffett and E. C. Lupu. The uses of role hierarchies in access control. In Proceedings of the Fourth ACM Workshop on Role-Based Access Control (RBAC 1999), Oct. 1999.
17. NSA. Security enhanced linux. http://www.nsa.gov/selinux/.
18. M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3-33, Feb. 1999.
19. S. Oh and R. S. Sandhu. A model for role admininstration using organization structure. In Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), June 2002.
20. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9): 1278-1308, September 1975.
21. R. S. Sandhu and V. Bhamidipati. Role-based administration of user-role assignment: The URA97 model and its Oracle implementation. Journal of Computer Security, 7, 1999.
22. R. S. Sandhu, V. Bhamidipati, E. Coyne, S. Ganta, and C. Youman. The ARBAC97 model for role-based administration of roles: preliminary description and outline. In Proceedings of the Second ACM workshop on Role-based access control (RBAC 1997), pages 41-50, Nov. 1997.
23. R. S. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security, 2(1):105-135, Feb. 1999.
24. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February 1996.
25. R. S. Sandhu and Q. Munawer. The ARBAC99 model for administration of roles. In Proceedings of the 18th Annual Computer Security Applications Conference, pages 229-238, Dec. 1999.
26. A. Schaad, J. Moffett, and J. Jacob. The role-based access control system of a European bank: A case study and discussion. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pages 3-9. ACM Press, 2001.
27. T. C Ting. A user-role based data security approach. In C. Landwehr, editor, Database Security: Status and Prospects. Results of the IFIP WG 11.3 Initial Meeting, pages 187-208. North-Holland, 1988.
28. H. Wang and S. L. Osborn. An administrative model for role graphs. In Proceedings of the 17th Annual IFIP WG11.3 Working Conference, on Database Security, Aug. 2003.
29. H. F. Wedde and M. Lischka. Cooperative role-based administration. In Proceedings of the Eighth ACM Symposium on Access control models and technologies (SACMAT 2003), pages 21-32. ACM Press, June 2003.
30. H. F. Wedde and M. Lischka. Modular authorization and administration. ACM Transactions on Information and System Security (TISSEC), 7(3):363-391, Aug. 2004.