Role-Based Access Control Models
Computer
The management of computer security profiles using a role-oriented approach
Computers and Security
Future directions in role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A skeptical view of DRM and fair use
Communications of the ACM - Digital rights management
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Experiences with the enforcement of access rights extracted from ODRL-based digital contracts
Proceedings of the 3rd ACM workshop on Digital rights management
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Proceedings of the 4th ACM workshop on Digital rights management
DRM, trusted computing and operating system architecture
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Fairer usage contracts for DRM
Proceedings of the 5th ACM workshop on Digital rights management
Verifiable digital object identity system
Proceedings of the ACM workshop on Digital rights management
The problem with rights expression languages
Proceedings of the ACM workshop on Digital rights management
A four-layer model for security of digital rights management
Proceedings of the 8th ACM workshop on Digital rights management
A formal conceptual model for rights
Proceedings of the 8th ACM workshop on Digital rights management
A secure digital asset managment network for game development and education
Future Play '08 Proceedings of the 2008 Conference on Future Play: Research, Play, Share
On the operational semantics of rights expression languages
Proceedings of the nineth ACM workshop on Digital rights management
Secure distribution of confidential information via self-destructing data
DNCOCO'09 Proceedings of the 8th WSEAS international conference on Data networks, communications, computers
Semantic Usage Policies for Web Services
ISWC '09 Proceedings of the 8th International Semantic Web Conference
A digital rights management model for healthcare
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
An interoperable usage management framework
Proceedings of the tenth annual ACM workshop on Digital rights management
A self-destructing file distribution system with feedback for peer-to-peer networks
ACS'09 Proceedings of the 9th WSEAS international conference on Applied computer science
A domain specific language for usage management
Proceedings of the 11th annual ACM workshop on Digital rights management
| Hi-index | 0.00 |
Digital rights management (DRM) can be considered to be a mechanism to enforce access control over a resource without considering its location. There are currently no formal models for DRM, although there has been some work in analysing and formalising the interpretation of access control rules in DRM systems. A formal model for DRM is essential to provide specific access control semantics that are necessary for creating interoperable, unambiguous implementations. In this paper, we discuss how DRM differs as an access control model to the three well known traditional access control models - DAC, MAC and RBAC, and using these existing approaches motivate a set of requirements for a formal model for DRM. Thereafter, we present a formal description of LiREL, a rights expression language that is able to express access control policies and contractual agreement in a single use license. Our motivation with this approach is to identify the different components in a license contract and define how these components interact within themselves and with other components of the license. A formal notation allows for an uniform and unambiguous interpretation and implementation of the access control policies.