The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
A Content-Based Authorization Model for Digital Libraries
IEEE Transactions on Knowledge and Data Engineering
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
On context in authorization policy
Proceedings of the eighth ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Model for Attribute-Based User-Role Assignment
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Towards a credential-based implementation of compound access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
A logic-based framework for attribute based access control
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Composing and combining policies under the policy machine
Proceedings of the tenth ACM symposium on Access control models and technologies
Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
PRES: a practical flexible RBAC workflow system
ICEC '05 Proceedings of the 7th international conference on Electronic commerce
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
Supporting Attribute-based Access Control with Ontologies
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Using semantic rules to determine access control for web services
Proceedings of the 15th international conference on World Wide Web
Active Authorization Rules for Enforcing Role-Based Access Control and its Extensions
ICDEW '05 Proceedings of the 21st International Conference on Data Engineering Workshops
Authrule: a generic rule-based authorization module
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Privacy preservation with X.509 standard certificates
Information Sciences: an International Journal
A flexible way for adaptive secured service-oriented business processes modeling
Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications
Flexible secure inter-domain interoperability through attribute conversion
Information Sciences: an International Journal
Secure interoperation design in multi-domains environments based on colored Petri nets
Information Sciences: an International Journal
Towards a Flexible and Adaptable Modeling of Business Processes
International Journal of Information Technology and Web Engineering
Hi-index | 0.07 |
Interoperation and services sharing among different systems are becoming new paradigms for enterprise collaboration. To keep ahead in strong competition environments, an enterprise should provide flexible and comprehensive services to partners and support active collaborations with partners and customers. Achieving such goals requires enterprises to specify and enforce flexible security policies for their information systems. Although the area of access control has been widely investigated, current approaches still do not support flexible security policies able to account for different weighs that typically characterize the various attributes of the requesting parties and transactions and reflect the access control criteria that are relevant for the enterprise. In this paper we propose a novel approach that addresses such flexibility requirements while at the same time reducing the complexity of security management. To support flexible policy specification, we define the notion of restraint rules for authorization management processes and introduce the concept of impact weight for the conditions in these restraint rules. We also introduce a new data structure for the encoding of the condition tree as well as the corresponding algorithm for efficiently evaluating conditions. Furthermore, we present a system architecture that implements above approach and supports interoperation among heterogeneous platforms.