Resiliency policies in access control

ACM Transactions on Information and System Security

Volumn 12, Issue 4, 2009, Pages

  Li, Ninghui ^a   Wang, Qihua ^a   Tripunitara, Mahesh ^b  

^a PURDUE UNIVERSITY   (United States)

^b MOTOROLA INC   (United States)

Author keywords

Access control; Fault tolerant; Policy design

Indexed keywords

COMPLEXITY CLASS; CONSISTENCY PROBLEMS; CRITICAL TASKS; DISJOINT SETS; EMERGENCY SITUATION; FAULT-TOLERANT; LINEAR TIME; NP-HARD; POLICY DESIGN; POLYNOMIAL HIERARCHIES; SEPARATION OF DUTY; STATIC SEPARATION OF DUTY;

COMPUTATIONAL COMPLEXITY; FAULT TOLERANCE; QUALITY ASSURANCE; SECURITY SYSTEMS; SEPARATION;

ACCESS CONTROL;

EID: 76849085284     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1513601.1513602     Document Type: Article

References (27)

1. AHN, G.-J. AND SANDHU, R. S. 2000. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Sec. 3, 4, 207-226.
2. CLARK, D. D. AND WILSON, D. R. 1987. A comparision of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (SP'87). IEEE Computer Society Press, 184-194.
3. CRAMPTON, J. 2003. Specifying and enforcing constraints in role-based access control. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT'03). 43-50.
4. DU, D., GU, J., AND PARDALOS, P. M., Eds. 1997. Satisfiability problem: Theory and applications. In DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 35. AMS Press.
5. GAREY, M. R. AND JOHNSON, D. J. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company.
6. GLIGOR, V. D., GAVRILA, S. I., AND FERRAIOLO, D. F. 1998. On the formal definition of separation-of-duty policies and their composition. In Proceedings of IEEE Symposium on Research in Security and Privacy (SP'98). 172-183.
7. GRAHAM, G. S. AND DENNING, P. J. 1972. Protection-Principles and practice. In Proceedings of the American Federation of Information Processing Societies National Semiannual Computer Conference Spring Joint Computer Conference (AFIPS'72). 40, 417-429.
8. HARRISON, M. A., RUZZO, W. L., AND ULLMAN, J. D. 1976. Protection in operating systems. Comm. ACM 19, 8, 461-471.
9. JAEGER, T. AND TIDSWELL, J. E. 2001. Practical safety in flexible access control models. ACM Trans. Inf. Syst. Sec. 4, 2, 158-190.
10. KOCH, M., MANCINI, L. V., AND PARISI-PRESICCE, F. 2002a. Decidability of safety in graphbased models for access control. In Proceedings of the 7th European Symposium on Research in Computer Security (ESORICS'02). Springer, 229-243.
11. KOCH, M.,MANCINI, L. V., AND PARISI-PRESICCE, F. 2002b. A graph-based formalism for RBAC. ACM Trans. Inf. Syst. Sec. 5, 3 (Aug.), 332-365.
12. LAMPSON, B. W. 1971. Protection. In Proceedings of the 5th Princeton Conference on Information Sciences and Systems (CISS'71). (Reprinted in ACM Operat. Syst. Rev. 8, 1, 18-24).
13. LE BERRE, D. 2006. SAT4J: A satisfiability library for Java. Retrieved from http://www.sat4j.org/.
14. LI, N., BIZRI, Z., AND TRIPUNITARA, M. V. 2004. On mutually-exclusive roles and separation of duty. In Proceedings of the ACM Conference on Computer and Communications Security (CCS'04). ACM Press, 42-51.
15. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W. H. 2005. Beyond proof-of-compliance: Security analysis in trust management. J. ACM 52, 3, 474-514.
16. LI, N. AND TRIPUNITARA, M. V. 2004. Security analysis in role-based access control. In Proceedings of the 9th ACM Symposium on Access Control Models and Technologies (SACMAT'04). 126-135.
17. LIPTON, R. J. AND SNYDER, L. 1977. A linear time algorithm for deciding subject security. J. ACM 24, 3, 455-464.
18. NASH, M. J. AND POLAND, K. R. 1990. Some conundrums concerning separation of duty. In Proceedings of IEEE Symposium on Research in Security and Privacy (SP'90). 201-209.
19. PAPADIMITRIOU, C. H. 1994. Computational Complexity. Addison Wesley Longman.
20. SALTZER, J. H. AND SCHROEDER,M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278-1308.
21. SANDHU, R. 1990. Separation of duties in computerized information systems. In Proceedings of the International Federation Information Processing WG11.3 Workshop on Database Security (IFIP'90)
22. SANDHU, R. S. 1988a. The schematic protection model: Its definition and analysis for acyclic attenuating systems. J. ACM 35, 2, 404-432.
23. SANDHU, R. S. 1988b. Transaction control expressions for separation of duties. In Proceedings of the 4th Annual Computer Security Applications Conference (ACSAC'88).
24. SANDHU, R. S. 1992. The typed access matrix model. In Proceedings of the IEEE Symposium on Security and Privacy (SP'92). IEEE Computer Society Press, 122-136.
25. SANDHU, R. S., COYNE, E. J., FEINSTEIN, H. L., AND YOUMAN, C. E. 1996. Role-based access control models. IEEE Comput. 29, 2, 38-47.
26. SIMON, T. T. AND ZURKO, M. E. 1997. Separation of duty in role-based environments. In Proceedings of the 10th Computer Security Foundations Workshop (CSFW'97). IEEE Computer Society Press, 183-194.
27. WANG, Q. AND LI, N. 2007. Satisfiability and resiliency in workflow systems. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'07).