Formalization of RBAC policy with object class hierarchy
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
This paper addresses a variation of the role-based access control (RBAC) model with a classification mechanism for objects and a notion of class hierarchies. In the proposed model, authorization tasks are performed on classes instead of individual objects. This gives more flexibility in security administration tasks such as downgrading or upgrading individual objects and assigning permissions. A formalization of this model is presented using K45 modal logic. The prefixed tableaux method is used to reason about access control, and the rules required for the reasoning process are also presented. The proposed model is applied, via an example, to protect the secrecy of information in a typical organization.