Role-Based Access Control Models
Computer
Decentralized user-role assignment for Web-based intranets
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
How to do discretionary access control using roles
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Protection and the control of information sharing in multics
Communications of the ACM
Lattice-Based Access Control Models
Computer
Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
Access Rights Administration in Role-Based Security Systems
Proceedings of the IFIP WG11.3 Working Conference on Database Security VII
RBAC on the Web by Secure Cookies
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Policy/mechanism separation in Hydra
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Role-based administration of user-role assignment: The URA97 model and its Oracle implementation
Journal of Computer Security
Injecting RBAC to secure a Web-based workflow system
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Modeling Privacy Control in Context-Aware Systems
IEEE Pervasive Computing
Managing Access in Extended Enterprise Networks
IEEE Internet Computing
Future Directions in Role-Based Access Control Models
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Approximate Information Flows: Socially-Based Modeling of Privacy in Ubiquitous Computing
UbiComp '02 Proceedings of the 4th international conference on Ubiquitous Computing
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Access control and trust in the use of widely distributed services
Software—Practice & Experience - Special issue: Middleware
Secure role-based workflow models
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Meta-Policies for Distributed Role-Based Access Control Systems
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
The UCONABC usage control model
ACM Transactions on Information and System Security (TISSEC)
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
Peer-to-peer access control architecture using trusted computing technology
Proceedings of the tenth ACM symposium on Access control models and technologies
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A usage-based authorization framework for collaborative computing systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Mobile-driven architecture for managing enterprise security policies
Proceedings of the 44th annual Southeast regional conference
Toward a Usage-Based Security Framework for Collaborative Computing Systems
ACM Transactions on Information and System Security (TISSEC)
Injecting a permission-based delegation model to secure web-based workflow systems
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Survey: Usage control in computer security: A survey
Computer Science Review
| Hi-index | 0.00 |
Information systems of the future will be large-scale, highly decentralized, pervasive, span organizational boundaries and evolve rapidly. Effective security in this cyberspace will require engineering authority and trust retationships across organizations and individuals. In this paper we propose the four-layer OM-AM framework for this purpose. OM-AM comprises objective, model, architecture and mechanism layers in this sequence. The objective and model (OM) layers articulate whatthe security objective and tradeoffs are, while the architecture and mechanism (AM) layers address howto meet these requirements. The hyphen in OM-AM emphasizes the shift from what to how. These layers are roughly analogous to a network protocol stack with a many-to-many relationship between successive layers, and most certainly do not imply a top-down waterfall-style software engineering process. OM-AM is an excellent match to the policy-neutral and flexible nature of role-based access control (RBAC). This paper describes and motivates the OM-AM framework and presents a case study in applying it in a distributed RBAC application.