Domains: a framework for structuring management policy
Network and distributed systems management
Role-Based Access Control Models
Computer
Role based access control with the security administration manager (SAM)
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Design systolic systems: Illustrating of regular algorithms on synchronous array processors
Design systolic systems: Illustrating of regular algorithms on synchronous array processors
NetWare 4 as an example of role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
An Oracle implementation of the PRA97 model for permission-role assignment
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Control principles and role hierarchies
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Integrated constraints and inheritance in DTAC
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
An administration concept for the enterprise role-based access control model
Proceedings of the eighth ACM symposium on Access control models and technologies
On modeling system-centric information for role engineering
Proceedings of the eighth ACM symposium on Access control models and technologies
Proceedings of the 2004 ACM symposium on Applied computing
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
RoleMiner: mining roles using subset enumeration
Proceedings of the 13th ACM conference on Computer and communications security
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Using semantics for automatic enforcement of access control policies among dynamic coalitions
Proceedings of the 12th ACM symposium on Access control models and technologies
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Migrating to optimal RBAC with minimal perturbation
Proceedings of the 13th ACM symposium on Access control models and technologies
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
Edge-RMP: Minimizing administrative assignments for role-based access control
Journal of Computer Security
Selective Regression Test for Access Control System Employing RBAC
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
A closer look to the V-model approach for role engineering
WSEAS Transactions on Computers
Enforcing P3P policies using a digital rights management system
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Management advantages of object classification in role-based access control (RBAC)
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
The role mining problem: A formal perspective
ACM Transactions on Information and System Security (TISSEC)
Incorporating social-cultural contexts in role engineering: an activity theoretic approach
International Journal of Business Information Systems
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)
Proceedings of the first ACM conference on Data and application security and privacy
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Authorization recycling in hierarchical RBAC systems
ACM Transactions on Information and System Security (TISSEC)
Reasoning about dynamic delegation in role based access control systems
DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I
Service Oriented Computing and Applications
An optimization model for the extended role mining problem
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
HBAC: a model for history-based access control and its model checking
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Symbolic backward reachability with effectively propositional logic
Formal Methods in System Design
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Evolving role definitions through permission invocation patterns
Proceedings of the 18th ACM symposium on Access control models and technologies
Journal of Computer Security - STM'10
| Hi-index | 0.00 |
Research in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the access control system of a major European Bank. An overview of the systems structure, its administration and existing control principles constraining the administration is given. In addition, we provide an answer to a key question - the ratio of the number of roles to the system user population - which was raised in the recent RBAC2000 Workshop. Having described certain weaknesses of the Banks system, the case study is extended to a comparison between the system and the RBAC96 models. In particular the issues of inheritance and grouping are addressed.