Efforts to place vast information resources at the fingertips of each individual in large user populations must be balanced by commensurate attention to information protection. For distributed systems with less-structured tasks, more diversified information, and a heterogeneous user set, the computing system must administer enterprise-chosen access control policies. One kind of resource is a digital library that emulates massive collections of paper and other physical media for clerical, engineering, and cultural applications. This article considers the security requirements for such libraries and proposes an access control method that mimics organizational practice: it combines a subject tree with ad hoc role granting that controls privileges for many operations independently, treats (all but one of) the privileged roles (e.g., auditor, security officer) like every other individual authorization, and binds access control information to objects indirectly for scaling, flexibility, and reflexive protection. We sketch a realization and show that it will perform well, generalizes many deployed and proposed access control policies, and permits individual data centers to implement other models economically and without disruption.