A Methodology for Bridging between RBAC and an Arbitrary Application Program

Authors:
Candy Wai-Yue Shum;Sylvia L. Osborn;He Wang
Affiliations:
Dept. of Computer Science, The University of Western Ontario, London, Canada;Dept. of Computer Science, The University of Western Ontario, London, Canada;Dept. of Computer Science, The University of Western Ontario, London, Canada
Venue:
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Year:
2008

Citing 7
Cited 0

A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
Role-Based Access Control Models

Computer
The role graph model and conflict of interest

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
RBAC in UNIX administration

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Solaris System Administrator's Guide

Solaris System Administrator's Guide
Access Rights Administration in Role-Based Security Systems

Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Oracle Database 10g The Complete Reference

Oracle Database 10g The Complete Reference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Role-Based Access Control (RBAC) models have been available since the early 1990s. However, there is no well-understood methodology for using RBAC with an arbitrary application program. We highlight tradeoffs between the ANSI RBAC model and the Role Graph Model, and also enumerate different versions of each. We then discuss alternatives to bridging between an RBAC model and an ad hoc program. An example of the application of one of the alternatives is given.