Role-Based Access Control Models
Computer
The entity-relationship model—toward a unified view of data
ACM Transactions on Database Systems (TODS) - Special issue: papers from the international conference on very large data bases: September 22–24, 1975, Framingham, MA
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A reference model for team-enabled workflow management systems
Data & Knowledge Engineering
Authorization and Access Control of Application Data in Workflow Systems
Journal of Intelligent Information Systems - Special issue: A survey of research questions for intelligent information systems in education
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Dynamic access control through Petri net workflows
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Task-role-based access control model
Information Systems
Workflow Management: Models, Methods, and Systems
Workflow Management: Models, Methods, and Systems
Access control in collaborative systems
ACM Computing Surveys (CSUR)
A Petri net based safety analysis of workflow authorization models^1
Journal of Computer Security
A policy-based authorization model for workflow-enabled dynamic process management
Journal of Network and Computer Applications
International Journal of Computer Integrated Manufacturing
Task-activity based access control for process collaboration environments
Computers in Industry
First Course in Database Systems
First Course in Database Systems
Hi-index | 0.00 |
In existing Active Access Control (AAC) models, the scalability and flexibility of security policy specification should be well balanced, especially: (1) authorizations to plenty of tasks should be simplified; (2) team workflows should be enabled; (3) fine-grained constraints should be enforced. To address this issue, a family of Association-Based Active Access Control (ABAAC) models is proposed. In the minimal model ABAAC"0, users are assigned to roles while permissions are assigned to task-role associations. In a workflow case, to execute such an association some users assigned to its component role will be allocated. The association's assigned permissions can be performed by them during the task is running in the case. In ABAAC"1, a generalized association is employed to extract common authorizations from multiple associations. In ABAAC"2, a fine-grained separation of duty (SoD) is enforced among associations. In the maximal model ABAAC"3, all these features are integrated, and similar constraints can be specified more concisely. Using a software workflow, case validation is performed. Comparison with a representative association based AAC model and the most scalable AAC model so far indicates that: (1) enough scalability is achieved; (2) without decomposition of a task, different permissions can be authorized to multiple roles in it; (3) separation of more fine-grained duties than roles and tasks can be enforced.