Control principles and role hierarchies
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Protection in operating systems
Communications of the ACM
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Future Directions in Role-Based Access Control Models
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Core role-based access control: efficient implementations by transformations
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
A Critique of the ANSI Standard on Role-Based Access Control
IEEE Security and Privacy
In this abstract, we rebut the proposed RBAC unified reference model as defined by Sandhu, Ferraiolo, and Kuhn [4]. As a unified reference model, this proposal simply reinforces some of the concepts that are fundamental to RBAC (i.e., roles, users, and permissions) without clarifying the more complex concepts. Also, the definitions of the concepts are too informal to drive any useful standards proposal. We suggest formalizing the base concepts, including the addition of role administration, and suggest that more work is necessary for constraints to be useful.