The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
IEEE Transactions on Software Engineering
Role-Based Access Control Models
Computer
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Mandatory access control and role-based access control revisited
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Dynamic rights: safe extensible access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Conflicts in Policy-Based Distributed Systems Management
IEEE Transactions on Software Engineering
Modeling users in role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Integrated constraints and inheritance in DTAC
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
An authorization model for temporal data
Proceedings of the 7th ACM conference on Computer and communications security
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems
Communications of the ACM
Managing access control complexity using metrices
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
A Policy Based Role Object Model
EDOC '97 Proceedings of the 1st International Conference on Enterprise Distributed Object Computing
A Dynamically Typed Access Control Model
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Access Control in a Virtual University
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
ACM SIGOPS Operating Systems Review
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
On the synthesis and analysis of protection systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
The transfer of information and authority in a protection system
SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Managing access control policies using access control spaces
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Temporal hierarchies and inheritance semantics for GTRBAC
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Decidability of Safety in Graph-Based Models for Access Control
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
The role control center: features and case studies
Proceedings of the eighth ACM symposium on Access control models and technologies
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Dependencies and separation of duty constraints in GTRBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Resolving constraint conflicts
Proceedings of the ninth ACM symposium on Access control models and technologies
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
Articulating and enforcing authorisation policies with UML and OCL
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Safety analysis of usage control authorization models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Constraint generation for separation of duty
Proceedings of the eleventh ACM symposium on Access control models and technologies
A model-checking approach to analysing organisational controls in a loan origination process
Proceedings of the eleventh ACM symposium on Access control models and technologies
Resiliency policies in access control
Proceedings of the 13th ACM conference on Computer and communications security
Beyond separation of duty: an algebra for specifying high-level security policies
Proceedings of the 13th ACM conference on Computer and communications security
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
Managing RBAC states with transitive relations
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
ACM Transactions on Information and System Security (TISSEC)
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Proceedings of the 12th ACM symposium on Access control models and technologies
Towards realizing a formal RBAC model in real systems
Proceedings of the 12th ACM symposium on Access control models and technologies
Formal foundations for hybrid hierarchies in GTRBAC
ACM Transactions on Information and System Security (TISSEC)
Beyond separation of duty: An algebra for specifying high-level security policies
Journal of the ACM (JACM)
Effective Visualization of File System Access-Control
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Specification of SA-RBAC Policy Based on Colored Petri Net
WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 03
Resiliency Policies in Access Control
ACM Transactions on Information and System Security (TISSEC)
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
Distributed and Parallel Databases
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
Integration of graph based authorization policies
ISMIS'06 Proceedings of the 16th international conference on Foundations of Intelligent Systems
Discretionary and mandatory controls for role-based administration
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
A relational database integrity framework for access control policies
Journal of Intelligent Information Systems
An access control language for dynamic systems – model-driven development and verification
SDL'05 Proceedings of the 12th international conference on Model Driven
Specification and validation of authorisation constraints using UML and OCL
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Implementing authorization delegations using graph
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Automated analysis of infinite state workflows with access control policies
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Hi-index | 0.00 |
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. It has been proven that the safety of an access control configuration cannot be decided for a general access control model, such as Lampson's access matrix, so safety is achieved either through the use of limited access control models or the verification of safety via constraints. Currently, almost all safety critical systems use limited access control models, such as Bell--LaPadula or Domain and Type Enforcement, because constraint expression languages are far too complex for typical administrators to use properly. However, researchers have identified that most constraints belong to one of a few basic types, so our goal is to develop a constraint expression model in which these constraints can be expressed in a straightforward way and extensions can be made to add other constraints, if desired. Our approach to expressing constraints has the following properties: (1) an access control policy is expressed using a graphical model in which the nodes represent sets (e.g., of subjects, objects, etc.) and the edges represent binary relationships on those sets and (2) constraints are expressed using a few, simple set operators on graph nodes. The basic graphical model is very simple, and we extend this model only as necessary to satisfy the identified constraint types. Since the basic graphical model is also general, further extension to support other constraints is possible, but such extensions should be made with caution as each increases the complexity of the model. Our hope is that by keeping the complexity of constraint expression in check, flexible access control models, such as role-based access control, may also be used for expressing access control policy for safety-critical systems.