Towards a task-based paradigm for flexible and adaptable access control in distributed applications
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
ACM Transactions on Information and System Security (TISSEC)
Protection in operating systems
Communications of the ACM
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
A case study of separation of duty properties in the context of the Austrian "eLaw" process.
Proceedings of the 2005 ACM symposium on Applied computing
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Direct static enforcement of high-level security policies
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A Linear time algorithm for deciding security
SFCS '76 Proceedings of the 17th Annual Symposium on Foundations of Computer Science
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
| Hi-index | 0.00 |
Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.