Role-Based Access Control Models
Computer
Modeling mandatory access control in role-based security systems
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Rationale for the RBAC96 family of access control models
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Decentralized user-role assignment for Web-based intranets
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
An Oracle implementation of the PRA97 model for permission-role assignment
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
How to do discretionary access control using roles
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Protection in operating systems
Communications of the ACM
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
The URA97 Model for Role-Based User-Role Assignment
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On the Minimality of Testing for Rights in Transformation Models
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Rebuttal to the NIST RBAC model proposal
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Integrated constraints and inheritance in DTAC
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Engineering authority and trust in cyberspace: the OM-AM and RBAC way
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Panel: which access control technique will provide the greatest overall benefit
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A rule-based framework for role based delegation
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An argument for the role-based access control model
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
ACM SIGOPS Operating Systems Review
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Models for coalition-based access control (CBAC)
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Administrative scope and role hierarchy operations
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A model for role administration using organization structure
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Information flow analysis of an RBAC system
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Policy algebras for access control the predicate case
Proceedings of the 9th ACM conference on Computer and communications security
A Knowledge-Based Approach to Internet Authorizations
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Future Directions in Role-Based Access Control Models
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Coordination and Access Control in Open Distributed Agent Systems: The TuCSoN Approach
COORDINATION '00 Proceedings of the 4th International Conference on Coordination Languages and Models
EROICA: A Rule-Based Approach to Organizational Policy Management in Workflow Systems
WAIM '02 Proceedings of the Third International Conference on Advances in Web-Age Information Management
Administrative scope: A foundation for role-based administrative models
ACM Transactions on Information and System Security (TISSEC)
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
Cooperative role-based administration
Proceedings of the eighth ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Access control and trust in the use of widely distributed services
Software—Practice & Experience - Special issue: Middleware
A Role-Based Security Architecture for Business Intelligence
TOOLS '00 Proceedings of the Technology of Object-Oriented Languages and Systems (TOOLS 34'00)
Administering permissions for distributed data: factoring and automated inference
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Journal of Computer Security - IFIP 2000
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
On permissions, inheritance and role hierarchies
Proceedings of the 10th ACM conference on Computer and communications security
A role administration system in role-based authorization infrastructures: design and implementation
Proceedings of the 2003 ACM symposium on Applied computing
Organizational modeling in UML and XML in the context of workflow systems
Proceedings of the 2003 ACM symposium on Applied computing
Proceedings of the 2004 ACM symposium on Applied computing
Embedding role-based access control model in object-oriented systems to protect privacy
Journal of Systems and Software
A role-based approach to access control for XML databases
Proceedings of the ninth ACM symposium on Access control models and technologies
Administrative scope in the graph-based framework
Proceedings of the ninth ACM symposium on Access control models and technologies
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
Modular authorization and administration
ACM Transactions on Information and System Security (TISSEC)
Comparing the expressive power of access control models
Proceedings of the 11th ACM conference on Computer and communications security
Providing flexible access control to an information flow control model
Journal of Systems and Software
Preventing information leakage within workflows that execute among competing organizations
Journal of Systems and Software - Special issue: Software engineering education and training
Formal specification of role-based security policies for clinical information systems
Proceedings of the 2005 ACM symposium on Applied computing
DPE/PAC: decentralized process engine with product access control
Journal of Systems and Software
Understanding and developing role-based administrative models
Proceedings of the 12th ACM conference on Computer and communications security
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Safety analysis of usage control authorization models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Fine-grained role-based delegation in presence of the hybrid role hierarchy
Proceedings of the eleventh ACM symposium on Access control models and technologies
An effective role administration model using organization structure
ACM Transactions on Information and System Security (TISSEC)
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Extended privilege inheritance in RBAC
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
ACM Transactions on Information and System Security (TISSEC)
Towards secure information sharing using role-based delegation
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Key management for content access control in a hierarchy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
Formal foundations for hybrid hierarchies in GTRBAC
ACM Transactions on Information and System Security (TISSEC)
Dynamic Work Distribution in Workflow Management Systems: How to Balance Quality and Performance
Journal of Management Information Systems
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
A Critique of the ANSI Standard on Role-Based Access Control
IEEE Security and Privacy
A theory for comparing the expressive power of access control models
Journal of Computer Security
Synthesising verified access control systems through model checking
Journal of Computer Security
RBAC administration in distributed systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Role engineering: From design to evolution of security schemes
Journal of Systems and Software
Advanced Permission-Role Relationship in Role-Based Access Control
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Patterns and Pattern Diagrams for Access Control
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Security Challenges in Adaptive e-Health Processes
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Spatial Domains for the Administration of Location-based Access Control Policies
Journal of Network and Systems Management
Supporting dynamic administration of RBAC in web-based collaborative applications during run-time
International Journal of Information and Computer Security
Security and privacy for geospatial data: concepts and research directions
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Generalized access control of synchronous communication
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Expressive policy analysis with enhanced system dynamicity
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
Symbolic reachability analysis for parameterized administrative role based access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Robustly secure computer systems: a new security paradigm of system discontinuity
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Maintaining control while delegating trust: Integrity constraints in trust management
ACM Transactions on Information and System Security (TISSEC)
A flexible delegation processor for web-based information systems
Computer Standards & Interfaces
Instance-level access control for business-to-business electronic commerce
IBM Systems Journal
Injecting a permission-based delegation model to secure web-based workflow systems
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Refinement for administrative policies
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
The separation of duty with privilege calculus
RSKT'08 Proceedings of the 3rd international conference on Rough sets and knowledge technology
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards session-aware RBAC administration and enforcement with XACML
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
IBM Journal of Research and Development
New role-based access control in ubiquitous e-business environment
Journal of Intelligent Manufacturing
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Access control via belnap logic: Intuitive, expressive, and analyzable policy composition
ACM Transactions on Information and System Security (TISSEC)
Expert Systems with Applications: An International Journal
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
Dynamic access control administration for collaborative applications
ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
Evaluating access control of open source electronic health record systems
Proceedings of the 3rd Workshop on Software Engineering in Health Care
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Reasoning about dynamic delegation in role based access control systems
DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I
Program synthesis in administration of higher-order permissions
Proceedings of the 16th ACM symposium on Access control models and technologies
An authorization scheme for version control systems
Proceedings of the 16th ACM symposium on Access control models and technologies
An approach to modular and testable security models of real-world health-care applications
Proceedings of the 16th ACM symposium on Access control models and technologies
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Automated symbolic analysis of ARBAC-policies
STM'10 Proceedings of the 6th international conference on Security and trust management
Generalized access control of synchronous communication
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
Discretionary and mandatory controls for role-based administration
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Construction of security architecture of web services based EAI
WAIM'05 Proceedings of the 6th international conference on Advances in Web-Age Information Management
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
An access-control policy based on sharing resource management for a multi-domains environment
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Using π-calculus to formalize domain administration of RBAC
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
A flexible role-based delegation model using characteristics of permissions
DEXA'05 Proceedings of the 16th international conference on Database and Expert Systems Applications
An authorization framework based on constrained delegation
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
OS-DRAM: a delegation administration model in a decentralized enterprise environment
WAIM '06 Proceedings of the 7th international conference on Advances in Web-Age Information Management
A modal logic for role-based access control
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Delegation in role-based access control
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Abductive analysis of administrative policies in rule-based access control
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
New concept of authority range for flexible management of role hierarchy
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Recognition of authority in virtual organisations
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
RABAC: role-centric attribute-based access control
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
A role-based administration model for attributes
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Mining parameterized role-based policies
Proceedings of the third ACM conference on Data and application security and privacy
Information Systems and e-Business Management
Engineering Financial Enterprise Content Management Services: Integration and Control
International Journal of Systems and Service-Oriented Engineering
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Nephele: Scalable Access Control for Federated File Services
Journal of Grid Computing
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Policy administration in tag-based authorization
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.00 |
In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience and scalability, especially in decentralizing administrative authority, responsibility, and chores. This paper describes the motivation, intuition, and formal definition of a new role-based model for RBAC administration. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), RPA97 (permission-role assignment '97), and RRA97 (role-role assignment '97) dealing with different aspects of RBAC administration. URA97, PRA97, and an outline of RRA97 were defined in 1997, hence the designation given to the entire model. RRA97 was completed in 1998. ARBAC97 is described completely in this paper for the first time. We also discusses possible extensions of ARBAC97.