An integrated approach to engineer and enforce context constraints in RBAC environments

ACM Transactions on Information and System Security

Volumn 7, Issue 3, 2004, Pages 392-427

  Strembeck, Mark ^a   Neumann, Gustaf ^a  

^a VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

Constraints engineering; Context constraints; Context dependent access control; Role based access control

Indexed keywords

CONSTRAINT ENGINEERING; CONTEXT CONSTRAINTS; CONTEXT-DEPENDENT ACCESS CONTROL; ROLE-BASED ACCESS CONTROL;

COMPUTER OPERATING SYSTEMS; COMPUTER SYSTEMS; CONSTRAINT THEORY; CONTROL; INFORMATION ANALYSIS; SECURITY OF DATA;

SOFTWARE ENGINEERING;

EID: 4444246080     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/1015040.1015043     Document Type: Article

References (55)

1. ADAM, N., ATLURI, V., BERTINO, E., AND FERRARI, E. 2002. A content-based authorization model for digital libraries. IEEE Trans. Knowledge Data Eng. 14, 2 (Mar/Apr).
2. AHN, G. AND SANDHU, R. 2000. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur. 3, 4 (Nov.).
3. ANTÓN, A. 1996. Goal-based requirements analysis. In Proceedings of the IEEE International Conference on Requirements Engineering (ICRE).
4. APT, K., BLAIR, H., AND WALKER, A. 1988. Towards a theory of declarative knowledge. In Foundations of Deductive Databases and Logic Programming, J- Minker, ed. Morgan Kaufmann Publishers.
5. ATLUKI, V. AND GAL, A. 2002. An authorization model for temporal and derived data: Securing information portals. ACM Trans. Inf. Syst. Secur. 5, 1 (Feb.).
6. BACON, J., LLOYD, M., AND MOODY, K. 2001. Translating role-based access control policy within context. In Proceedings of the 2nd International Workshop on Policies for Distributed Systems and Networks (POLICY). Lecture Notes in Computer Science, 1995, Springer Verlag.
7. BARKLEY, J., BEZNOSOV, K., AND UPPAL, J. 1999. Supporting relationships in access control using role based access control. In Proceedings of ACM Workshop on Role Based Access Control.
8. BELOKOSZTOLSZKI, A., EYERS, D., AND MOODY, K. 2003. Policy contexts: Controlling information flow in parameterised RBAC. In Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY).
9. BERTINO, E., BONATTI, P., AND FERRARI, E. 2001. TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4, 3 (Aug.).
10. BERTINO, E., FERRARI, E., AND ATLURI, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2, 1 (Feb.).
11. BHARADWAJ, V. AND BARAS, J. 2003. Towards automated negotiation of access control policies. In Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY).
12. BRAY, T., PAOLI, J., SPERBERG-MCQUEEN, C., MALER, E., AND YERGEAU, F. 2004. Extensible Markup Language (XML) version 1.0, 3rd edition. Available at http://www.w3.org/TR/REC-xml/. W3 Consortium Recommendation.
13. CLARK, J. AND DEROSE, S. 1999. XML Path Language (XPath). Available at http://www.w3.org/TR/xpath. W3 Consortium Recommendation.
14. COHEN, E., THOMAS, R., WINSBOROUGH, W., AND SHANDS, D. 2002. Models for coalition-based access control (CBAC). In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT).
15. COVINGTON, M., LONG, W., SRINIVASAN, S., DEY, A., AHAMAD, M., AND ABOWD, G. 2001. Securing context-aware applications using environment roles. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT).
16. DENNING, D. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May).
17. DEY, A. 2001. Understanding and using context. Personal and Ubiquitous Computing 5, 1.
18. EDJLALI, G., ACHARYA, A., AND CHAUDHARY, V. 1998. History-based access control for mobile code. In Proceedings of the Fifth ACM Conference on Computer and Communications Security (CCS).
19. FERRAIOLO, D., BARKLEY, J., AND KUHN, D. 1999. A role-based access control model and reference implementation within a corporate Intranet. ACM Trans. Inf. Syst. Secur. 2, 1 (Feb.).
20. FERRAIOLO, D., SANDHU, R., GAVRILA, S., KUHN, D., AND CHANDRAMOULI, R. 2001. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4, 3 (Aug.).
21. GAMMA, E., HELM, R., JOHNSON, R., AND VLISSIDES, J. 1995. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley.
22. GEORGIADIS, C., MAVRIDIS, I., PANGALOS, G., AND THOMAS, R. 2001. Flexible team-based access control using contexts. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT).
23. GIURI, L. AND IGLIO, P. 1997. Role templates for content-based access control. In Proceedings of the ACM Workshop on Role-Based Access Control.
24. GUTH, S., NEUMANN, G., AND STREMBECK, M. 2003. Experiences with the enforcement of access rights extracted from ODRL-based digital contracts. In Proceedings of the 3rd ACM Workshop on Digital Rights Management (DRM).
25. JAEGER, T. 1999. On the increasing importance of constraints. In Proceedings of the ACM Workshop on Role-Based Access Control.
26. JAEGER, T., PRAKASH, A., LIEDTKE, J., AND ISLAM, N. 1999. Flexible control of downloaded executable content. ACM Trans. Inf. Syst. Secur. 2, 2 (May).
27. JAJODIA, S., SAMARATI, P., SAPINO, M., AND SUBRAHMANIAN, V. 2001. Flexible support for multiple access control policies. ACM Trans. Datab. Syst. 26, 2 (June).
28. JARKE, M., BUI, X., AND CARROLL, J. 1998. Scenario management: An interdisciplinary approach. Requirements Engineering Journal 3, 3/4.
29. KALAM, A. E., BAIDA, R. E., BALBIANI, P., BENFESHAT, S., CUPPENS, F., DESWARTE, Y., MIÈGE, A., SAUREL, C., AND TROUESSIN, G. 2003. Organization based access control. In Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (POLICY).
30. KANG, M., PARK, J., AND FROSCHER, J. 2001. Access control mechanisms for inter-organizational workflow. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT).
31. KIM, W., GRAUPNER, S., SAHAI, A., LENKOV, D., CHUDASAMA, C., WHEDBEE, S., LUO, Y., DESAI, B., MULLINGS, H., AND WONNG, P. 2002. Web E-speak: Facilitating web-based E-services. IEEE Multimedia 9, 1.
32. LONGSTAFF, J., LOCKRER, M., CAPPER, G., AND THICK, M. 2000. Amodel of accountability, confidentiality and override for healthcare and other applications. In Proceedings of the 5th ACM Workshop on Role-Based Access Control.
33. MCDANIEL, P. 2003. On context in authorization policy. In Proceedings of the ACM Symposium on Access Control Models and Technologies.
34. MYLES, G., FRIDAY, A., AND DAVIES, N. 2003. Preserving privacy in environments with location-based applications. IEEE Pervasive Comput. 2, 1 (Jan.-Mar.).
35. NEUMANN, G. AND STREMBECK, M. 2001. Design and implementation of a flexible RBAC-service in an object-oriented scripting language. In Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS).
36. NEUMANN, G. AND STREMBECK, M. 2002. A Scenario-driven role engineering process for functional RBAC roles. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT).
37. NEUMANN, G. AND ZDUN, U. 2000. XOTcl, an object-oriented scripting language. In Proceedings of Tcl2k: 7th USENIX Tcl/Tk Conference.
38. NITSCHE, U., HOLBEIN, R., MORGER, O., AND TEUFEL, S. 1998. Realization of a context-dependent access control mechanism on a commercial platform. In Proceedings of the 14th International Information Security Conference (IFIP/SEC).
39. OUSTERHOUT, J. 1994, Tcl and the Tk Toolkit. Addison-Wesley.
40. PHILLIPS, C., TING, T., AND DEMURJIAN, S. 2002. Information sharing and security in dynamic coalitions. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT).
41. ROLLAND, C., GROSZ, G., AND KLA, R. 1999. Experience with goal-scenario coupling in requirements engineering. In Proceedings of the IEEE International Symposium on Requirements Engineering (RE).
42. SANDHU, R., COYNE, E., FEINSTEIN, H., AND YOUMAN, C. 1996. Role-based access control models. IEEE Comput. 29, 2 (Feb.).
43. SCHMIDT, A., BEIGL, M., AND GELLERSEN, H. 1999. There is more to context than location. Comput. Graphics 23, 6 (Dec.).
44. STREMBECK, M. 2004. Conflict checking of separation of duty constraints in RBAC - Implementation experiences. In Proceedings of the Conference on Software Engineering (SE 2004).
45. THOMAS, R. 1997. Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In Proceedings of the ACM Workshop on Role Based Access Control.
46. THOMAS, R. AND SANDHU, R. 1997. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proceedings of the IFIP WG11.3 Conference on Database Security.
47. VAN LAMSWEERDE, A. 2001. Goal-oriented requirements engineering: A guided tour. In Proceedings of the 6th IEEE International Symposium on Requirements Engineering (RE).
48. VAN LAMSWEERDE, A. AND LETIER, E. 2000. Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Softw. Eng. 26, 10 (Oct.).
49. WANG, W. 1999. Team-and-role-based organizational context and access control for cooperative hypermedia environments. In Proceedings of the ACM Conference on Hypertext and Hypermedia.
50. WARRIOR, J., MCHENRY, E., AND MCGEE, K. 2003. They know where you are. IEEE Spectrum 40, 7 (July).
51. WEISER, M. 1991. The computer for the 21st Century. Sci. Am. 265, 3 (Sep.).
52. WEISER, M. 1993. Some computer science issues in ubiquitous computing. Commun. ACM 36, 7 (July).
53. WILIKENS, M., FERITI, S., SANNA, A., AND MASERA, M. 2002. A context-related authorization and access control method based on RBAC: A case study from the health care domain. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT).
54. WOLF, R. AND SCHNEIDER, M. 2003. Context-dependent access control for web-based collaboration environments with role-based approach. In Proceedings of the 2nd International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security. Lecture Notes in Computer Science, vol. 2776, Springer Verlag.
55. YAO, W., MOODY, K., AND BACON, J. 2001. A model of OASIS role-based access control and its support for active security. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT).