Role-Based Access Control Models
Computer
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
A lattice model of secure information flow
Communications of the ACM
Secure virtual enclaves: Supporting coalition use of distributed application technologies
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Information sharing and security in dynamic coalitions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Models for coalition-based access control (CBAC)
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Lattice-Based Access Control Models
Computer
ACM SIGOPS Operating Systems Review
Policy/mechanism separation in Hydra
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Originator Control in Usage Control
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A survey of key management for secure group communication
ACM Computing Surveys (CSUR)
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
PEI models towards scalable, usable and high-assurance information sharing
Proceedings of the 12th ACM symposium on Access control models and technologies
Stale-safe security properties for group-based secure information sharing
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
A conceptual framework for Group-Centric secure information sharing
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
To share information and retain control (share-but-protect) is a classic cyber security problem for which effective solutions continue to be elusive. Where the patterns of sharing are well defined and slow to change it is reasonable to apply the traditional access control models of lattice-based, role-based and attribute-based access control, along with discretionary authorization for further fine-grained control as required. Proprietary and standard rights markup languages have been developed to control what a legitimate recipient can do with the received information including control over its further discretionary dissemination. This dissemination-centric approach offers considerable flexibility in terms of controlling a particular information object with respect to already defined attributes of users, subjects and objects. However, it has many of the same or similar problems that discretionary access control manifests relative to role-based access control. In particular specifying information sharing patterns beyond those supported by currently defined authorization attributes is cumbersome or infeasible. Recently a novel mode of information sharing called group-centric was introduced by these authors. Group-centric secure information sharing (g-SIS) is designed to be agile and accommodate ad hoc patterns of information sharing. In this paper we review g-SIS models, discuss their relationship with traditional access control models and demonstrate their agility relative to these.