I-RBAC: Isolation enabled role-based access control

2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

Volumn , Issue , 2011, Pages 79-86

  Gunti, Nagajyothi ^a   Sun, Weiqing ^a   Niamat, Mohammed ^a  

^a The University of Toledo   (United States)

Author keywords

Access Control Model; I RBAC; Isolation; Role based Access Control; Security Policy

Indexed keywords

ACCESS CONTROL MODELS; I-RBAC; ISOLATION; ROLE-BASED ACCESS CONTROL; SECURITY POLICY;

COMPUTER CONTROL SYSTEMS; HEALTH CARE; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 80052096520     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PST.2011.5971967     Document Type: Conference Paper

References (34)

1. "An Introduction to Role-based Access Control," NIST/ITL Bulletin, 1995.
2. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Trans. on Information and System Security (TISSEC), pp. 224-274, Aug. 2001.
3. R. S. Sandhu, E. J. Coyne and H. L. Feinstein, C. E. Youman, "Role-Based Access Control Models," in Proc. IEEE Computer Security, vol. 29, no. 2, pp. 38-47, Feb. 1996.
4. A. Ferreira, D. Chadwick, P. Farinha, R. Correia, Z. Gansen, R. Chilro, and L. Antunes, "How to Securely Break into RBAC: The BTG-RBAC Model," in Proc. Annual Computer Security Applications Conference, pp. 23-31, Dec. 7-11, 2009.
5. A. D. Brucker and H. Petritsch, "Extending Access Control Models with Break-glass," in Proc. Twelfth ACM Symposium on Access Control Models and Technologies, June 2009.
6. S. Osborn, R. Sandhu and Q. Munawer, "Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies," ACM Trans. on Information and System Security, vol. 3, no. 2, pp. 85-106, May 2000.
7. S. Dranger, R. H. Sloan and J. A. Solworth, "The Complexity of Discretionary Access Control," in Proc. First Int. Workshop on Security (IWSEC 06), pp. 405-420, 2006. (Pubitemid 44860067)
8. Z. Liang, W. Sun, V. N. Venkatakrishnan and R. Sekar, "Alcatraz: An Isolated Environment for Experimenting with Untrusted Software," ACM Trans. on Information and System Security (TISSEC), vol. 12, Jan. 2009.
9. H. A. Weber, "Role-Based Access Control: The NIST Solution," in SANS institute InfoSec Reading Room, Oct. 2003.
10. E. Bertino, P. A. Bonatti and E. Ferrari, "TRBAC: A Temporal Role- Based Access Control Model," in Proc. Fifth ACM Workshop on Role- Based Access Control, pp. 21-30, 2000.
11. F. Hansen and V. Oleshchuk, "Spatial Role-Based Access Control Model for Wireless Networks," in Proc. Fifty Eighth IEEE Vehicular Technology Conference (VTC' 03), vol. 3, pp. 2093-2097, Oct. 6-9, 2003.
12. I. Ray and M. Toahchoodee, "A Spatio-Temporal Role-Based Access Control Model," in Proc. Twenty First Annual IFIP WG 11. 3 Working Conference on Data and Application Security, pp. 211-226, July 2007.
13. S. M. Chandran and J. B. D. Joshi, "LoT-RBAC: A Location and Time-based RBAC Model," in Proc. Sixth Int. Conference on Web Information Systems Engineering, vol. 1995, pp. 361-375, 2005. (Pubitemid 43829645)
14. P. Liu, S. Jajodia and C. D. McCollum, "Intrusion confinement by isolation in information systems," in Proc. IFIP Workshop on Database Security, pp. 3-18, 1999.
15. S. Jajodia, P. Liu and C. D. McCollum, "Application-level isolation to cope with malicious database users," in Proc. Fourteenth Annual Computer Security Applications Conference, pp. 73-82, Dec. 7-11, 1998.
16. M. Toahchoodee, X. Xie and I. Ray, "Towards Trustworthy Delegation in Role-Based Access Control Model," in Proc. Twelfth Int. Conference on Information Security, pp. 379-394, Sept. 2009.
17. M. Bishop, Introduction to Computer Security. Prentice Hall PTR, 2004.
18. D. Kim, I. Ray, R. France and N. Li, "Modeling Role-Based Access Control using Parameterized UML Models," in Proc. Fundamental Approaches to Software Engineering (FASE/ETAPS), vol. 2984, pp. 180-193, 2004.
19. G. Zhao, D. Chadwick and S. Otenko, "Obligation for Role Based Access Control," in Proc. IEEE Symposium on Security in Networks and Distributed Systems (SSNDS07),vol. 1, pp. 424-431, May 21-23, 2007. (Pubitemid 47565420)
20. G. Booch, J. Rumbaugh and I. Jacobson, The Unified Modeling Language. Addison Wesley Longman, 1999.
21. C. N. Zhang and C. Yang, "Information Flow Analysis on Role-Based Access Control Model," in Proc. Information Management and Computer Security, vol. 10, no. 5, pp. 225-236, 2002. (Pubitemid 35359380)
22. S. Oh and S. Park, "Task Role-Based Access Control Model," in Proc. Information Systems, vol. 28, no. 6, pp. 533-562, Sept. 2003.
23. A. P. Maranda, G. Goncalves and F. Hemery, "Representation of Extended RBAC Model using UML Language," ACM Trans. On Information and System Security (TISSEC), pp. 413-417, 2005. (Pubitemid 41231150)
24. Y. A. Liu and S. D. Stoller, "Role-based access control: A corrected and simplified specification," SUNY Stony Brook Univ. , Comp. Sci. Dept. , Technical Report DAR 05-24, Dec. 2005.
25. M. Hitchens and V. Varadharajan, "Issues in the Design of a Language for Role Based Access Control," in Proc. ICICS, pp. 22-38, 1999.
26. C. Yang and C. N. Zhang, "A Privacy Enhanced Role-Based Access Control Model for Enterprises," in Proc. ICCNMC, vol. 3619, pp. 1012-1021, 2005. (Pubitemid 41435842)
27. J. Jürjens, "UMLsec: Extending UML for Secure Systems Development," in Proc. Fifth International Conference on the Unified Modeling Language, pp. 412-425, Oct. 2002.
28. P. Epstein and R. Sandhu, "Towards A UML Based Approach to Role Engineering," in Proc. Fourth ACM Workshop on Role-based Access Control, pp. 135-143, 1999.
29. A. D. Brucker, H. Petritsch and S. G. Weber, "Attribute-based Encryption with Break-glass," in Proc. Information Security Theory and Practice (WISTP), pp. 237-244, Springer Verlag, 2010.
30. A. Ferreira, R. Cruz, L. Antunes, P. Farinha, E. Oliveira, D. W. Chadwick and A. Costa, "How to break access control in a controlled manner," in Proc. Nineteenth IEEE Symposium on Computer-based medical Systems (CBMS' 06), pp. 847-854, June 2006.
31. J. Künzi, P. Koster and M. Petkovi?, "Emergency Access to Protected Health Records," Medical Informatics in a United and Healthy Europe, 2009.
32. D. Povey, "Optimistic Security: A New Access Control Paradigm," in Proc. 1999 Workshop on New Security Paradigms, pp. 40-45, 2000.
33. S. Zafar, K. Winter, R. Colvin and R. G. Dromey, "Verification of Integrated Role-Based Access Control Model," in Proc. First Asian Working Conference on Verified Software, pp. 230-241, 2006.
34. E. Helms and L. Williams, "Evaluating Access Control of Open Source Electronic Health Record Systems," in Proc. Thirty Third International Conference on Software Engineering, May 21-28, 2001