Extending RBAC for large enterprises and its quantitative risk evaluation

IFIP International Federation for Information Processing

Volumn 286, Issue , 2008, Pages 99-112

  Kondo, Seiichi ^a   Iwaihara, Mizuho ^b   Yoshikawa, Masatoshi ^b   Torato, Masashi ^a  

^a MITSUBISHI ELECTRIC CORPORATION   (Japan)

^b KYOTO UNIVERSITY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; COST EFFECTIVENESS; FORESTRY; GEOGRAPHICAL DISTRIBUTION; PRODUCTIVITY; ELECTRONIC COMMERCE; WORLD WIDE WEB;

ENTERPRISE LEVEL SECURITY; HETEROGENEOUS ENVIRONMENTS; IDENTITY MANAGEMENT; PRODUCTIVITY LOSS; QUANTITATIVE RISK EVALUATION METHODS; QUANTITATIVE RISK EVALUATIONS; SECURITY VIOLATIONS; TOTAL OPERATION COSTS; SECURITY INCIDENT;

MOBILE SECURITY; INDUSTRY;

COSTS; PRODUCTIVITY; REGULATIONS; RISK ASSESSMENT;

EID: 50249130272     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-85691-9_9     Document Type: Conference Paper

References (17)

1. Feraiolo,D. and Kuhn,R., Role-Based Access Control, Communications of the 15th NIST-NSA National Computer Security Conference, 1992.
2. Ferraiolo,D., Sandhu,R., Gavrila,S., and Kuhn,R., Proposed NIST standard for Role-Based Access Control, ACM Transaction on Information and System Security, Vol.4 No.3, 2001.
3. Feraiolo,D., Kuhn,R., and Chandramouli,R., Role-Based Access Control Second Edition, Computer Security Series, ARTECH HOUSE, 2007.
4. Kern,A., Kuhlmann,M., Schaad,A., and Moffett,J., Observations on the role life-cycle in the context of enterprise security management, SACMAT'02, 2002.
5. Kern,A., Kuhlmann,M., Kuropka,R., and Ruthert,A., A meta model for authorisations in application security systems and their integation into RBAC administration, SACMAT'04, 2004.
6. Al-Kahtani, M. A. and Sandhu, R., A Model for Attribute-Based User-Role Assignment, 18th Annual Computer Security Applications Conference (ACSAC), 2002.
7. Kern,A. and Walhorn,C., Rule support for role-based access control, SACMAT'05, 2005.
8. Zhang,L., Ahn,G., and Chu,B. A rule-based framework for role-based delegation and revocation ACM Transactions on Information and system security (TISSEC), 2003.
9. Byun,J., Soh,Y., and Bertino,E. Systematic Control and Management of Data Integrity, SACMAT'06, 2006.
10. Bank for International Settlements (BIS), Basel II: Revised international capital framework, 2004.
11. Gallaher,M., O'Connor,A, and Kropp,B. The Economic Impact of Role-Based Access Control (NIST Planning Report 02-1), March 2002.
12. Briney,A., Security Focused, Information security, September 2000.
13. Computer Security Institute, CSI Survey 2007, The 12th Annual Computer Crime and Security Survey, 2007.
14. U.S. Nuclear regulatory Commission, Fault Tree Handbook, January 1981.
15. Brooke, P., and Paige, R., Fault trees for security system design and analysis, Computer & Security, Vol.23, No 3, 2003.
16. Sun Java System Identity Manager. http://www.sun.com/software/roducts/ identity_mgr/
17. IBM Tivoli Identity Manager. http://www.ibm.com/software/tivoli/products/ identity-mgr/