Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Model checking
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
The Authorization Service of Tivoli Policy Director
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Applying Semantic Knowledge to Real-Time Update of Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Understanding and developing role-based administrative models
Proceedings of the 12th ACM conference on Computer and communications security
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Resiliency policies in access control
Proceedings of the 13th ACM conference on Computer and communications security
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Cooperative secondary authorization recycling
Proceedings of the 16th international symposium on High performance distributed computing
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Fast exact and heuristic methods for role minimization problems
Proceedings of the 13th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting and resolving policy misconfigurations in access-control systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Analyzing and Managing Role-Based Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Shadow configuration as a network management primitive
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Permission Set Mining: Discovering Practical and Useful Roles
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Automating role-based provisioning by learning from examples
Proceedings of the 14th ACM symposium on Access control models and technologies
A formal framework to elicit roles with business meaning in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Evaluating role mining algorithms
Proceedings of the 14th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Role-based access control (RBAC) has significantly simplified the management of users and permissions in computing systems. In dynamic environments, systems are subject to changes, so that the associated configurations need to be updated accordingly in order to reflect the systems' evolution. Access control update is complex, especially for large-scale systems; because the updated system is expected to meet necessary constraints. This paper presents a tool, RoleUpdater, which answers administrators' high-level update request for role-based access control systems. RoleUpdater is able to automatically check whether a required update is achievable and, if so, to construct a reference model. In light of this model, administrators could fulfill the changes to RBAC systems. RoleUpdater is able to cope with practical update requests, e.g., that include role hierarchies and administrative rules in effect. Moreover, RoleUp-dater can also provide minimal update in the sense that no redundant changes are implemented.