It is our great pleasure to welcome you to the 8th ACM Symposium on Access Control Models and Technologies - SACMAT 2003. SACMAT continues with the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The mission of the symposium is to share novel access control solutions and identify new directions for future research and development work. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control.
A total of 63 papers were submitted this year from Asia, Canada, Europe, and the United States. The papers in these proceedings were evaluated for their technical contribution, originality and impact to the field of access control and authorization management. By limiting the program to a single panel, and extending the conference a half day, the program committee was able to increase the number of accepted papers from 17 to 23. These papers cover a variety of topics, including access control and administrative models, access control systems and applications, policy context and specification, and range from the highly theoretical to real-world commercial implementations.
An administration concept for the enterprise role-based access control model
Using an underlying role-based model for the administration of roles has proved itself to be a successful approach. This paper sets out to describe the enterprise role-based access control model (ERBAC) in the context of SAM Jupiter, a commercial ...
The role control center: features and case studies
Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products ...
Cooperative role-based administration
In large organizations the administration of access privileges (such as the assignment of an access right to a user in a particular role) is handled cooperatively through distributed administrators in various different capacities. A quorum may be ...
A methodology for managing roles in legacy systems
Role-based access control (RBAC) is well accepted as a good technology for managing and designing access control in systems with many users and many objects. Much of the research on RBAC has been done in an environment isolated from real systems which ...
Specifying and enforcing constraints in role-based access control
Constraints in access control in general and separation of duty constraints in particular are an important area of research. There are two important issues relating to constraints: their specification and their enforcement. We believe that existing ...
Dependencies and separation of duty constraints in GTRBAC
A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC's language constructs allow one to specify various temporal constraints on ...
An approach to engineer and enforce context constraints in an RBAC environment
This paper presents an approach that uses special purpose RBAC constraints to base certain access control decisions on context information. In our approach a context constraint is defined as a dynamic RBAC constraint that checks the actual values of one ...
On context in authorization policy
Authorization policy infrastructures are evolving with the complex environments that they support. However, the requirements and technologies supporting context are not yet well understood. Often implemented as condition functions or predefined ...
Role-based access control for collaborative enterprise in peer-to-peer computing environments
In Peer-to-Peer (P2P) computing environments, each participant (peer) acts as both client and content provider. This satisfies the requirement that resources should be increasingly made available by being published to other users from a user's machine. ...
Model driven security for process-oriented systems
Model Driven Architecture is an approach to increasing the quality of complex software systems based on creating high-level system models and automatically generating system architectures from the models. We show how this paradigm can be specialized to ...
An infrastructure for managing secure update operations on XML data
Secure exchange of data over the web is becoming more and more important today. By secure data exchange we mean that privacy and integrity are ensured when documents flow among different parties. A key issue in this scenario is how to ensure that web ...
The tees confidentiality model: an authorisation model for identities and roles
We present a model of authorisation that is more powerful than Role Based Access Control (RBAC), and is suitable for complex web applications in addition to computer systems administration. It achieves its functionality by combining Identity Based ...
Partial outsourcing: a new paradigm for access control
Various security models have been proposed in recent years for different purposes. Each of these aims to ease administration by introducing new types of security policies and models. This increases the complexity a system administrator is faced with. ...
Induced role hierarchies with attribute-based RBAC
The Role-Based Access Control (RBAC) model is traditionally used to manually assign users to appropriate roles. When the service-providing enterprise has a massive customer base, assigning users to roles ought to be automated. RB-RBAC (Rule-Based RBAC) ...
PBDM: a flexible delegation model in RBAC
Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Cryptographic access control in a distributed file system
Traditional access control mechanisms rely on a reference monitor to mediate access to protected resources. Reference monitors are inherently centralized and existing attempts to distribute the functionality of the reference monitor suffer from problems ...
On modeling system-centric information for role engineering
In this paper we present an approach to modeling system-centric information in order to facilitate role engineering (RE). In particular, we first discuss the general characteristics of the information required in RE. Afterwards, we discuss two ...
Role mining - revealing business roles for security administration using data mining technology
In this paper we describe the work devising a new technique for role-finding to implement Role-Based Security Administration. Our results stem from industrial projects, where large-scale customers wanted to migrate to Role-Based Access Control (RBAC) ...
A stratification-based approach for handling conflicts in access control
In the health care sector, access to medical information is more and more electronically achieved. Therefore, it is very important to define security policies which restrict access to pieces of information in order to guarantee security properties like ...
Static verification of security requirements in role based CSCW systems
In this paper, we present static verification of security requirements for CSCW systems using finite-state techniques, i.e., model checking. The coordination and security constraints of CSCW systems are specified using a role based collaboration model. ...
An access control model for dynamic client-side content
The focus of access control in client/server environments is on protecting sensitive server resources by determining whether or not a client is authorized to access those resources. The set of resources are usually static, and an access control policy ...
Dynamic and risk-aware network access management
Traditional network security technologies such as firewalls and intrusion detection systems usually work according to a static ruleset only. We believe that a better approach to network security can be achieved if we use quantified levels of risk as an ...
Dynamic access control: preserving safety and trust for network defense operations
We investigate the cost of changing access control policies dynamically as a response action in computer network defense. We compare and contrast the use of access lists and capability lists in this regard, and develop a quantitative feel for the ...
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
SACMAT '19 | 52 | 12 | 23% |
SACMAT '18 | 50 | 14 | 28% |
SACMAT '17 Abstracts | 50 | 14 | 28% |
SACMAT '16 | 55 | 18 | 33% |
SACMAT '15 | 59 | 17 | 29% |
SACMAT '14 | 58 | 17 | 29% |
SACMAT '13 | 62 | 19 | 31% |
SACMAT '12 | 73 | 19 | 26% |
SACMAT '09 | 75 | 24 | 32% |
SACMAT '03 | 63 | 23 | 37% |
Overall | 597 | 177 | 30% |