Role-Based Access Control Models
Computer
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
A Policy Language for a Pervasive Computing Environment
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Provisions and Obligations in Policy Rule Management
Journal of Network and Systems Management
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy and Contextual Integrity: Framework and Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Computer Security - ESORICS 2004: 9th European Symposium on Research Computer Security, Sophia Antipolis, France, September 13-15, 2004. Proceedings (Lecture Notes in Computer Science)
The monitorability of service-level agreements for application-service provision
WOSP '07 Proceedings of the 6th international workshop on Software and performance
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
An Access Control Language for a General Provenance Model
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
Analysis of privacy and security policies
IBM Journal of Research and Development
Policy framework for security and privacy management
IBM Journal of Research and Development
A practical generic privacy language
ICISS'10 Proceedings of the 6th international conference on Information systems security
Protecting critical infrastructures while preserving each organization's autonomy
ICDCIT'11 Proceedings of the 7th international conference on Distributed computing and internet technology
xfACL: an extensible functional language for access control
Proceedings of the 16th ACM symposium on Access control models and technologies
Rumpole: a flexible break-glass access control model
Proceedings of the 16th ACM symposium on Access control models and technologies
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Formal enforcement and management of obligation policies
Data & Knowledge Engineering
Obligation language and framework to enable privacy-aware SOA
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Specification and verification of access control policies in EB3SEC: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
An Integrated Approach for the Enforcement of Contextual Permissions and Pre-Obligations
International Journal of Mobile Computing and Multimedia Communications
An information flow control meta-model
Proceedings of the 18th ACM symposium on Access control models and technologies
A privacy framework for the personal web
The Personal Web
Formal specification and management of security policies with collective group obligations
Journal of Computer Security
Hi-index | 0.00 |
In this paper, we present a novel obligation model for the Core Privacy-aware Role Based Access Control (P-RBAC), and discuss some design issues in detail. Pre-obligations, post-obligations, conditional obligations, and repeating obligations are supported by the obligation model. Interaction between permissions and obligations is discussed, and efficient algorithms are provided to detect undesired effects.