A framework for risk-aware role based access control

2013 IEEE Conference on Communications and Network Security, CNS 2013

Volumn , Issue , 2013, Pages 462-469

  Bijon, Khalid Zaman ^a   Krishnan, Ram ^b   Sandhu, Ravi ^a  

^a University of Texas at San Antonio   (United States)

^b The University of Texas at San Antonio   (United States)

Author keywords

Access Control; Policy; RBAC; Risk

Indexed keywords

NETWORK SECURITY; PUBLIC POLICY; RISK PERCEPTION; RISKS;

ACCESS DECISION; CONSTRAINT-BASED; DYNAMIC SEPARATION OF DUTY; FORMAL SPECIFICATION; INHERENT FLEXIBILITY; RBAC; RESEARCH COMMUNITIES; ROLE-BASED ACCESS CONTROL;

ACCESS CONTROL;

EID: 84893591320     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CNS.2013.6682761     Document Type: Conference Paper

References (24)

1. Gail-Joon Ahn and Ravi Sandhu. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur., 3(4):207-226, November 2000.
2. Khalid Bijon, Ravi Sandhu, and Ram Krishnan. A group-centric model for collaboration with expedient insiders in multilevel systems. In International Symp. on Security in Collaboration Technologies and Systems, 2012.
3. Khalid Zaman Bijon, Tahmina Ahmed, Ravi Sandhu, and Ram Krishnan. A lattice interpretation of group-centric collaboration with expedient insiders. In Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2012 8th International Conference on, pages 200-209. IEEE, 2012.
4. Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu. Risk-aware RBAC sessions. In Information Systems Security, pages 59-74. Springer, 2012.
5. Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu. Towards an attribute based constraints specfication language. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom). IEEE, 2013.
6. L Chen and J Crampton. Risk-aware role-based access control. In 7th International Workshop on Security and Trust Management, 2011.
7. Liang Chen, Luca Gasparini, and Timothy J Norman. XACML and risk-aware access control. Resource, 2(10):3-5, 2013.
8. Pau-Chen Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In Security and Privacy, 2007., pages 222-230, may 2007.
9. David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In Proc. of the IEEE S&P, 1987.
10. David Ferraiolo, Janet Cugini, and Richard Kuhn. Role-based access control (RBAC): Features and motivations. In 1th Annual Computer Security Application Conference, pages 241-248. IEEE, 1995.
11. David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST standard for role-based access control. ACM Tran. Inf. Sys. Sec., 2001.
12. Virgil D Gligor et al. On the formal definition of separation-of-duty policies and their composition. In Security & Privacy. IEEE, 1998.
13. Trent Jaeger. On the increasing importance of constraints. In fourth ACM workshop on Role-based access control, pages 33-42. ACM, 1999.
14. Xin Jin, Ram Krishnan, and Ravi Sandhu. A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC. In DBSec, 2012.
15. S. Kandala, R. Sandhu, and V. Bhamidipati. An attribute based framework for risk-adaptive access control models. In Avail., Reliab. and Sec. (ARES), aug. 2011.
16. Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, and Alessandra Russo. Risk-based security decisions under uncertainty. CODASPY '12, 2012.
17. Michael J Nash and Keith R Poland. Some conundrums concerning separation of duty. In Research in Security and Privacy, pages 201-207. IEEE, 1990.
18. Qun Ni, Elisa Bertino, and Jorge Lobo. Risk-based access control systems built on fuzzy inferences. ASIACCS '10, pages 250-260, New York, NY, USA, 2010. ACM.
19. MITRE Corporation Jason Program Office. Horizontal integration: Broader access models for realizing information dominance. Technical Report JSR-04-132, MITRE Corporation, 2004.
20. F. Salim, J. Reid, E. Dawson, and U. Dulleck. An approach to access control under uncertainty. In Avail., Reliab. and Sec. (ARES), pages 1-8, aug. 2011.
21. Ravi Sandhu. Transaction control expressions for separation of duties. In Proc. of the 4th ACSAC, 1988.
22. Ravi S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11), 1993.
23. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. Computer, 29(2):38-47, feb 1996.
24. Richard T Simon and Mary Ellen Zurko. Separation of duty in role-based environments. In CSFW, pages 183-194. IEEE, 1997.