Role-Based Access Control Models
Computer
The management of computer security profiles using a role-oriented approach
Computers and Security
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles: preliminary description and outline
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
How to do discretionary access control using roles
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Managing role/permission relationships using object access types
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Formal specification for role based access control user/role and role/role relationship management
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Access Rights Administration in Role-Based Security Systems
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Implementing RBAC on a type enforced system
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Role-based access control in online authoring and publishing systems vs. document hierarchy
SIGDOC '99 Proceedings of the 17th annual international conference on Computer documentation
Role-based access control on the Web using Java
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
An architecture for distributed OASIS services
IFIP/ACM International Conference on Distributed systems platforms
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Engineering authority and trust in cyberspace: the OM-AM and RBAC way
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Security models for web-based applications
Communications of the ACM
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Panel: which access control technique will provide the greatest overall benefit
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An argument for the role-based access control model
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Design and implementation of a flexible RBAC-service in an object-oriented scripting language
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A role-based delegation framework for healthcare information systems
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Supporting Efficient Multinational Disaster Response through a Web-Based System
EGOV '02 Proceedings of the First International Conference on Electronic Government
A Knowledge-Based Approach to Internet Authorizations
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
On the Formal Specifications of Electronic Institutions
Agent Mediated Electronic Commerce, The European AgentLink Perspective.
Building Groupwares over Duplicated Object Systems
CRIWG '02 Proceedings of the 8th International Workshop on Groupware: Design, Implementation and Use
A Role-Based Access Control Model and Implementation for Data-Centric Enterprise Applications
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Access Control and Trust in the Use of Widely Distributed Services
Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Regulating Work in Digital Enterprises: A Flexible Managerial Framework
On the Move to Meaningful Internet Systems, 2002 - DOA/CoopIS/ODBASE 2002 Confederated International Conferences DOA, CoopIS and ODBASE 2002
Model-Based Tool-Assistance for Packet-Filter Design
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Generation of Personalized Web Courses Using RBAC
AH '02 Proceedings of the Second International Conference on Adaptive Hypermedia and Adaptive Web-Based Systems
Ariadne, a Development Method for Hypermedia
DEXA '01 Proceedings of the 12th International Conference on Database and Expert Systems Applications
Access control with IBM Tivoli access manager
ACM Transactions on Information and System Security (TISSEC)
Privacy through pseudonymity in user-adaptive systems
ACM Transactions on Internet Technology (TOIT)
Access control and trust in the use of widely distributed services
Software—Practice & Experience - Special issue: Middleware
A flexible payment scheme and its permission-role assignment
ACSC '03 Proceedings of the 26th Australasian computer science conference - Volume 16
ADC '03 Proceedings of the 14th Australasian database conference - Volume 17
A Role-Based Security Architecture for Business Intelligence
TOOLS '00 Proceedings of the Technology of Object-Oriented Languages and Systems (TOOLS 34'00)
Formal description of perfect security
ICCC '02 Proceedings of the 15th international conference on Computer communication
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Meta-Policies for Distributed Role-Based Access Control Systems
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Security for XML messaging services: a component-based approach
Journal of Network and Computer Applications
Outcomes-based assessment as an assurance education tool
Security education and critical infrastructures
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
Policy Storage for Role-Based Access Control Systems
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Dynamic Context-aware Access Control for Grid Applications
GRID '03 Proceedings of the 4th International Workshop on Grid Computing
A role administration system in role-based authorization infrastructures: design and implementation
Proceedings of the 2003 ACM symposium on Applied computing
Design and implementation of a fine-grained menu control processor for web-based information systems
Future Generation Computer Systems - Selected papers on theoretical and computational aspects of structural dynamical systems in linear algebra and control
On the role of roles: from role-based to role-sensitive access control
Proceedings of the ninth ACM symposium on Access control models and technologies
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
A Flexible Payment Scheme and Its Role-Based Access Control
IEEE Transactions on Knowledge and Data Engineering
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
A Coordinated Spatio-Temporal Access Control Model for Mobile Computing in Coalition Environments
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Access control in collaborative systems
ACM Computing Surveys (CSUR)
Composing and combining policies under the policy machine
Proceedings of the tenth ACM symposium on Access control models and technologies
Context sensitive access control
Proceedings of the tenth ACM symposium on Access control models and technologies
ACM Transactions on Information and System Security (TISSEC)
Authorization algorithms for the mobility of user-role relationship
ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Modelling hypermedia and web applications: the Ariadne development method
Information Systems
Role-Based Access Control for Grid Database Services Using the Community Authorization Service
IEEE Transactions on Dependable and Secure Computing
Multimedia-based authorization and access control policy specification
Proceedings of the 3rd ACM workshop on Secure web services
Towards secure information sharing using role-based delegation
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Future Generation Computer Systems
Persistent access control: a formal model for drm
Proceedings of the 2007 ACM workshop on Digital Rights Management
A multimedia access control language for virtual and ambient intelligence environments
Proceedings of the 2007 ACM workshop on Secure web services
MCSE: a multimedia context-based security engine
EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
RB-GACA: an RBAC based grid access control architecture
International Journal of Grid and Utility Computing
A cost-driven approach to role engineering
Proceedings of the 2008 ACM symposium on Applied computing
Using First-Order Logic to Reason about Policies
ACM Transactions on Information and System Security (TISSEC)
An efficient and transparent transaction management based on the data workflow of HVEM DataGrid
CLADE '08 Proceedings of the 6th international workshop on Challenges of large applications in distributed environments
Role management in adhoc networks
SpringSim '07 Proceedings of the 2007 spring simulaiton multiconference - Volume 1
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes
FORTE '07 Proceedings of the 27th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Modeling Human Aspects of Business Processes --- A View-Based, Model-Driven Approach
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Advanced Permission-Role Relationship in Role-Based Access Control
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment
Journal of Network and Computer Applications
Generalized access control of synchronous communication
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Enforcing role based access control model with multimedia signatures
Journal of Systems Architecture: the EUROMICRO Journal
The Design of a New Policy Model to Support Ontology-Driven Reasoning for Autonomic Networking
Journal of Network and Systems Management
A Generic Protocol for Controlling Access to Mobile Services
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
Detecting Inference Channels in Private Multimedia Data via Social Networks
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Role based access control for a medical database
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
Enabling scientific collaboration on the Grid
Future Generation Computer Systems
Modelling hypermedia and web applications: the Ariadne Development Method
Information Systems
A system for visual role-based policy modelling
Journal of Visual Languages and Computing
A closer look to the V-model approach for role engineering
WSEAS Transactions on Computers
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
A novel approach to role-based access control
ICCS'03 Proceedings of the 2003 international conference on Computational science
Formalization of RBAC policy with object class hierarchy
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
A novel use of RBAC to protect privacy in distributed health care information systems
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Design and implementation of access control system for smart office environment
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Applying RBAC providing restricted permission inheritance to a corporate web environment
APWeb'03 Proceedings of the 5th Asia-Pacific web conference on Web technologies and applications
Analysis of ANSI RBAC Support in COM+
Computer Standards & Interfaces
Management advantages of object classification in role-based access control (RBAC)
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
IBM Journal of Research and Development
Role-based access control for a Grid system using OGSA-DAI and Shibboleth
The Journal of Supercomputing
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Process compliance analysis based on behavioural profiles
Information Systems
Deriving role engineering artifacts from business processes and scenario models
Proceedings of the 16th ACM symposium on Access control models and technologies
Types for role-based access control of dynamic web data
WFLP'10 Proceedings of the 19th international conference on Functional and constraint logic programming
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I
Generalized access control of synchronous communication
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
Privacy-preserving electronic health records
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Role activation management in role based access control
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Toward trust management in autonomic and coordination applications
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II
Secure role activation and authorization in the enterprise environment
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Development of a flexible PERMIS authorisation module for shibboleth and apache server
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Safety problems in access control with temporal constraints
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A modal logic for role-based access control
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Secure and efficient information sharing in multi-university E-Learning environments
ICWL'07 Proceedings of the 6th international conference on Advances in web based learning
A role-involved purpose-based access control model
Information Systems Frontiers
Secure Dynamic Access Control Scheme of PHR in Cloud Computing
Journal of Medical Systems
Ontology based hybrid access control for automatic interoperation
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Secure federation of semantic information services
Decision Support Systems
Hi-index | 0.02 |
This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the Web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.