As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries. The proposed delegation ...
详细信息
ISBN:
(纸本)9781581134964
As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries. The proposed delegation framework addresses the issue of how to advocate selective information sharing in role-based systems while minimizing the risks of unauthorized access. We introduce a systematic approach to specify delegation and revocation policies using a set of rules. We demonstrate the feasibility of our framework through policy specification, enforcement, and a proof-of-concept implementation on specific domains, e.g. the healthcare environment. We believe that our work can be applied to organizations that rely heavily on collaborative tasks.
A Generalized Temporal Role Based accesscontrol (GTRBAC) model that allows specification of a comprehensive set of temporal constraint for accesscontrol has recently been proposed. The model constructs allow one to ...
详细信息
ISBN:
(纸本)9781581134964
A Generalized Temporal Role Based accesscontrol (GTRBAC) model that allows specification of a comprehensive set of temporal constraint for accesscontrol has recently been proposed. The model constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. However, Temporal constraints on role enablings and role activations can have various implications on a role hierarchy. In this paper, we present an analysis of the effects of GTRBAC temporal constraints on a role hierarchy and introduce various kinds of temporal hierarchies. In particular, we show that there are certain distinctions that need to be made in permission inheritance and role activation semantics in order to capture all the effects of GTRBAC constraints such as role enablings and role activations on a role hierarchy.
Role-based accesscontrol (RBAC) is recognized as an excellent model for accesscontrol in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solut...
详细信息
ISBN:
(纸本)9781581134964
Role-based accesscontrol (RBAC) is recognized as an excellent model for accesscontrol in an enterprise environment. In large enterprises, effective RBAC administration is a major issue. ARBAC97 is a well-known solution for decentralized RBAC administration. ARBAC97 authorizes administrative roles by means of role ranges' and prerequisite conditions'. Although attractive and elegant in their own right, we will see that these mechanisms have significant *** propose an improved role administration model named ARBAC02 to overcome the weaknesses of ARBAC97. ARBAC02 adopts the organization unit for new user and permission pools independent of role or role hierarchy. It uses a refined prerequisite condition. In addition, we present a bottom-up approach to permission-role administration in contrast to the top-down approach of ARBAC97.
The need for accesscontrol in a hierarchy arises in severaldifferent contexts. One such context is managing the information ofan organization where the users are divided into different securityclasses depending on wh...
详细信息
ISBN:
(纸本)9781581134964
The need for accesscontrol in a hierarchy arises in severaldifferent contexts. One such context is managing the information ofan organization where the users are divided into different securityclasses depending on who has access to what. Several cryptographicsolutions have been proposed to address this problem --- thesolutions are based on generating cryptographic keys for eachsecurity class such that the key for a lower level security classdepends on the key for the security class that is higher up in thehierarchy. Most solutions use complex cryptographic techniques:integrating these into existing systems may not be trivial. Othershave impractical requirement: if a user at a security level wantsto access data at lower levels, then all intermediate nodes must betraversed. Moreover, if there is an accesscontrol policy that doesnot conform to the hierarchical structure, such policy cannot behandled by existing solutions. We propose a new solution thatovercomes the above mentioned shortcomings. Our solution not onlyaddresses the problem of accesscontrol in a hierarchy but also canbe used for general cases. It is a scheme similar to the RSAcryptosystem and can be easily incorporated in existing systems.
In this paper we develop the concept of Usage control (UCON) that encompasses traditional accesscontrol, trust management, and digital rights management and goes beyond them in its definition and scope. While usage c...
ISBN:
(纸本)9781581134964
In this paper we develop the concept of Usage control (UCON) that encompasses traditional accesscontrol, trust management, and digital rights management and goes beyond them in its definition and scope. While usage control concepts have been mentioned off and on in the security literature for some time, there has been no systematic treatment so far. By unifying these three areas UCON offers a promising approach for the next generation of accesscontrol. Traditional accesscontrol has focused on a closed system where all users are known and primarily utilizes a server-side reference monitor within the system. Trust management has been introduced to cover authorization for strangers in an open environment such as the Internet. Digital rights management has dealt with client-side control of digital information usage. Each of these areas is motivated by its own target problems. Innovations in information technology and business models are creating new security and privacy issues which require elements of all three areas. To deal with these in a systematic unified manner we propose the new UCON model. UCON enables finer-grained control over usage of digital objects than that of traditional accesscontrol policies and models. For example, print once as opposed to unlimited prints. Unlike traditional accesscontrol or trust management, it covers both centrally controllable environment and an environment where central control authority is not available. UCON also deals with privacy issues in both commercial and non-commercial environments. In this paper we first discuss accesscontrol, trust management, and digital rights management and describe general concepts of UCON in the information security discipline. Then we define components of the UCON model and discuss how authorizations and accesscontrols can be applied in the UCON model. Next we demonstrate some applications of the UCON model and develop further details. We use several examples during these discussions to sh
The proceedings contains 16 papers from proceedings of the Sixth acmsymposium on accesscontrolmodels and technologies: SacmAT 2001. The topics discussed include: the role-based accesscontrol system of a European B...
详细信息
ISBN:
(纸本)1581133502
The proceedings contains 16 papers from proceedings of the Sixth acmsymposium on accesscontrolmodels and technologies: SacmAT 2001. The topics discussed include: the role-based accesscontrol system of a European Bank: a case study and discussion;securing context-aware applications using environment roles;flexible team-based accesscontrol using contexts;security verification of programs with stack inspection;a logical framework for reasoning about accesscontrolmodels and accesscontrol mechanisms for inter-organizational workflow.
A uniform and precise framework for the specification of accesscontrol policies is proposed. The uniform framework allows the detailed comparison of different policy models, the precise description of the evolution o...
详细信息
ISBN:
(纸本)1581133502
A uniform and precise framework for the specification of accesscontrol policies is proposed. The uniform framework allows the detailed comparison of different policy models, the precise description of the evolution of a policy, and an accurate analysis of the interaction between policies and of the behavior of their integration. The evolution and integration of policies are illustrated using a Discretionary accesscontrol policy and a Lattice Based accesscontrol policy. The framework is based on the theory of graph transformations.
暂无评论