Security analysis in role-based access control

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn 9, Issue , 2004, Pages 126-135

  Li, Ninghui ^a   Tripunitara, Mahesh V ^a  

^a Purdue University   (United States)

Author keywords

Delegation; Role based access control; Role based administration; Trust management

Indexed keywords

ALGORITHMS; COMPUTATIONAL COMPLEXITY; COMPUTATIONAL METHODS; COMPUTER OPERATING PROCEDURES; INFORMATION MANAGEMENT; MATHEMATICAL MODELS; PROBLEM SOLVING; QUERY LANGUAGES; SOCIETIES AND INSTITUTIONS;

DELEGATION; ROLE-BASED ACCESS CONTROL; ROLE-BASED ADMINISTRATION; TRUST MANAGEMENT;

SECURITY OF DATA;

EID: 4143094794     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/990036.990058     Document Type: Conference Paper

References (23)

1. G.-J. Ahn and R. Sandhu. Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC), 3(4):207-226, Nov. 2000.
2. J. Crampton. Authorizations and Antichains. PhD thesis, Birbeck College, University of London, UK, 2002.
3. J. Crampton. Specifying and enforcing constraints in role-based access control. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pages 43-50. June 2003.
4. J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security (TISSEC), 6(2):201-231, May 2003.
5. D. Ferraiolo, G.-J. Ahn, and S. Gavrila. The role control center: Features and case studies. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, June 2003.
6. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and Systems Security (TISSEC), 4(3):224-274, Aug. 2001.
7. G. S. Graham and P. J. Denning. Protection - principles and practice. In Proceedings of the AFIPS Spring Joint Computer Conference, volume 40, pages 417-429. May 16-18 1972.
8. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, Aug. 1976.
9. T. Jaeger and J. E. Tidswell. Practical safety in flexible access control models. ACM Transactions on Information and System Security (TISSEC), 4(2):158-190, May 2001.
10. M. Koch, L. V. Mancini, and F. Parisi-Presicce. Decidability of safety in graph-based models for access control. In Proceedings of the Seventh European Symposium on Research in Computer Security (ESORICS 2002), pages 229-243. Springer, Oct. 2002.
11. B. W. Lampson. Protection. In Proceedings of the 5th Princeton Conference on Information Sciences and Systems, 1971. Reprinted in ACM Operating Systems Review, 8(1):18-24, Jan 1974.
12. B. W. Lampson. Protection. In Proceedings of the 5th Princeton Conference on Information Sciences and Systems, 1971. Reprinted in ACM Operating Systems Review, 8(1):18-24, Jan 1974.
13. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114-130. May 2002.
14. N. Li, W. H. Winsborough, and J. C. Mitchell. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of IEEE Symposium on Security and Privacy, pages 123-139. May 2003.
15. N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. Journal of Computer Security, 11(1):35-86, Feb. 2003.
16. R. J. Lipton and L. Snyder. A linear time algorithm for deciding subject security. Journal of the ACM, 24(3):455-464, 1977.
17. Q. Munawer and R. Sandhu. Simulation of the augmented typed access matrix model (ATAM) using roles. In Proceedings of INFOSECU99 International Conference on Information and Security, 1999.
18. S. Oh and R. Sandhu. A model for role admininstration using organization structure. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (SACMAT'02), June 2002.
19. R. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based aministration of roles. ACM Transactions on Information and Systems Security (TISSEC), 2(1):105-135, Feb. 1999.
20. R. S. Sandhu. The schematic protection model: Its definition and analysis for acyclic attenuating systems. Journal of the ACM, 35(2):404-432, 1988.
21. R. S. Sandhu. The typed access matrix model. In Proceedings of the 1992 IEEE Symposium on Security and Privacy, pages 122-136. May 1992.
22. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February 1996.
23. A. Schaad, J. Moffett, and J. Jacob. The role-based access control system of a european bank: A case study and discussion. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pages 3-9. 2001.