Policy Management Using Access Control Spaces

ACM Transactions on Information and System Security

Volumn 6, Issue 3, 2003, Pages 327-364

  Jaeger, Trent ^a   Zhang, Xiaolan ^a   Edwards, Antony ^b  

^a IBM T J Watson Research Center ^*  (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Access control models; authorization mechanisms; Design; Management; role based access control; Security

Indexed keywords

EID: 84968352943     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/937527.937528     Document Type: Article

References (36)

1. Ahn, G.-J., Sandhu, R., 2000. Role-based authorization constraints specification.ACM Trans. Inf. Syst. Security 3, 4 (Nov. 2000).
2. Ammann, P., Sandhu, R., 1991. Safety analysis for the extended schematic protection model. In Proceedings of the IEEE Symposium on Research in Security and Privacy. IEEE, 1991.
3. Ammann, P., Sandhu, R., 1992. The extended schematic protection model.J. Comput. Security 1 (1992).
4. Ammann, P., Sandhu, R., 1994. One-representative safety analysis in the non-monotonic transform model. In Proceedings of the 7th IEEE Computer Security Foundations Workshop (1994), IEEE, 138-149.
5. Atluri, V., Gal, A., 2002. An authorization model for temporal and derived data: Securing information portals.ACM Trans. Inf. Syst. Security 5, 1 (Feb. 2002).
6. Bacon, J., Moody, K., Yao, W., 2002. A model of OASIS role-based access control and its support for active security.ACM Trans. Inf. Sys. Security 5, 4 (Nov. 2002).
7. Badger, L., Sterne, D. F., Sherman, D. L., Walker, K. M., Haghighat, S. A., 1995. A domain and type enforcement UNIX prototype. In Proceedings of the 1995 USENIX Security Symposium, 1995. Also available from TIS online archives.
8. Bell, D., Lapadula, L., 1973. Secure computer systems: Mathematical foundations (Vol. 1). Tech. Rep. ESD-TR-73-278, Mitre Corp. 1973.
9. Bertino, E., Catania, B., Ferrari, E., Perlasca, P., 2003. A logical framework for reasoning about access control models.ACM Trans. Inf. Syst. Security 6, 1 (Feb. 2003).
10. Biba, K. J., 1975. Integrity considerations for secure computer systems. Tech. Rep. MTR-3153, Mitre Corp. June 1975.
11. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A., 1999. The Key Note trust-management system, version 2. IETF RFC 2704, Sept. 1999.
12. Boebert, W. E., Kain, R. Y., 1985. A practical alternative to hierarchical integrity policies. In Proceedings of the 8th National Computer Security Conference (Gaithersburg, MD, 1985).
13. Chen, F., Sandhu, R., 1994. Constraints for role-based access control. In Proceedings of the 1st Workshop on Role-based Access Control (1994).
14. Ferraiolo, D., Barkley, J., Kuhn, D. R., 1999. A role-based access control model and reference implementation within a corporate intranet.ACM Trans. Inf. Syst. Security 2, 1 (Feb. 1999).
15. Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D. R., Chandramouli, R., 2001. Proposed NIST standard for role-based access control.ACM Trans. Inf. Syst. Security 4, 3 (Aug. 2001).
16. Ferrari, E., Thuraisingham, B., 2000. Secure database systems. In Advanced Databases: Technology and Design O. Diaz and M. Piattini, Eds., 2000.
17. Harrison, M. A., Ruzzo, W. L., Ullman, J. D., 1976. Protection in operating systems.Commun. ACM 19, 8 (Aug. 1976).
18. Jaeger, T., 2001. Managing access control complexity using metrics. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, May 2001.
19. Jaeger, T., Tidswell, J. E., 2001. Practical safety in flexible access control models.ACM Trans. Inf. Syst. Security 4, 2 (May 2001).
20. Jaeger, T., Edwards, A., Zhang, X., 2002. Managing access control policies using access control spaces. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, June 2002.
21. Jajodia, S., Samarati, P., Subrahmanian, V., 1997. A logical language for expressing authorizations. In Proceedings of the IEEE Symposium on Security and Privacy, 1997.
22. Joshi, J., Bertino, E., Ghafoor, A., 2002. Temporal hierarchies and inheritance semantics for GTRBAC. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, June 2002.
23. Kim, W., 1990.Introduction to Object-Oriented Databases. 1990.
24. Koch, M., Mancini, L., Parisi-Presicce, F., 2002. Decidability of safety in graph-based models for access control. In Proceedings of ESORICS 2002, Oct. 2002.
25. Koch, M., Mancini, L., Parisi-Presicce, F., 2002. A graph formalism for RBAC.ACM Trans. Inf. Syst. Security 5, 3 (Aug. 2002).
26. Li, N., Grosof, B., Feigenbaum, J., 2003. Delegation logic: A logic-based approach to distributed authorization.ACM Trans. Inf. Syst. Security 6, 1 (Feb. 2003).
27. Li, N., Winsborough, W. H., Mitchell, J. C., 2003. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the IEEE Symposium on Security and Privacy, May 2003.
28. Longstaff, J. J., Lockyer, M. A., Capper, G., Thick, M. G., 2000. A model of accountability, confidentiality, and override for healthcare and other applications. In Proceedings of 5th ACM Workshop on Role-Based Access Control, July 2000.
29. Nyanchama, M., Osborn, S., 1999. The role graph model and conflict of interest.ACM Trans. Inf. Syst. Security 2, 1, ACM, February 1999.
30. Sandhu, R. S., Coyne, E., Feinstein, H. L., Youman, C. E., 1994. Role-based access control: A multidimensional view. In Proceedings of the 10th Computer Security Applications Conference, 1994.
31. Sandhu, R. S., Coyne, E., Feinstein, H. L., Youman, C. E., 1996. Role-based access control models.IEEE Computer 29, 2 (Feb. 1996), 38-47.
32. Smalley, S., 2002. Configuring the SELinux policy. NAI Labs Rep. 02-007, available at www.nsa.gov/selinux. June 2002.
33. Snyder, L., 1997. On the synthesis and analysis of protection systems. In Proceedings of the 6th ACM Symposium on Operating System Principles, ACM, 1997, 141-150.
34. Sterne, D., Branstad, M., Hubbard, B., Mayer, B., Wolcott, D., 1991. An analysis of application-specific security policies. In Proceedings of the 14th National Computer Security Conference, 1991.
35. Swift, M., Brundett, P., Vandyke, C., Garg, P., Hopkins, A., Chan, S., Goertzel, M., Jensenworth, G., 2002. IMPROVING THE GRANULARITY OF ACCESS CONTROL FOR WINDOWS 2000. ACM Trans. Inf. Syst. Security 5, 4 (Nov. 2002).
36. Thomsen, D., 1991. Role-based application design and enforcement. In Database Security IV: Status and Prospects, 1991.