Role-Based Access Control Models
Computer
Computational Issues in Secure Interoperation
IEEE Transactions on Software Engineering
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Support for discretionary role based access control in ACL-oriented operating systems
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role-based access control and distributed object-based enterprise computing
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Towards a task-based paradigm for flexible and adaptable access control in distributed applications
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
How to do discretionary access control using roles
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
An integrated framework for security and dependability
Proceedings of the 1998 workshop on New security paradigms
Embedding security policies into a distributed computing environment
ACM SIGOPS Operating Systems Review
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Dynamic rights: safe extensible access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
On the decidability of accessibility problems (extended abstract)
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Rewriting Histories: Recovering from Malicious Transactions
Distributed and Parallel Databases - Security of data and transaction processing
An access control model for simplifying constraint expression
Proceedings of the 7th ACM conference on Computer and communications security
Panel: which access control technique will provide the greatest overall benefit
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An argument for the role-based access control model
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
ACM SIGOPS Operating Systems Review
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Lattice-Based Access Control Models
Computer
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Manageable access control for CORBA
Journal of Computer Security - Special issue on ESORICS 2000
Static verification of security requirements in role based CSCW systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Flexible enterprise access control with object-oriented view specification
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A State-Transition Model of Trust Management and Access Control
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Originator Control in Usage Control
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
An attribute-based access matrix model
Proceedings of the 2005 ACM symposium on Applied computing
Role-based information security: change management issues
ISICT '04 Proceedings of the 2004 international symposium on Information and communication technologies
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Safety analysis of usage control authorization models
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Resiliency policies in access control
Proceedings of the 13th ACM conference on Computer and communications security
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
A review of information security issues and respective research contributions
ACM SIGMIS Database
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
On complexity of grammars related to the safety problem
Theoretical Computer Science
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Resiliency Policies in Access Control
ACM Transactions on Information and System Security (TISSEC)
Toward practical analysis for trust management policy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
A conceptual framework for Group-Centric secure information sharing
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Safety in discretionary access control for logic-based publish-subscribe systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Foundations for group-centric secure information sharing models
Proceedings of the 14th ACM symposium on Access control models and technologies
Multi-layer audit of access rights
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Security policies in distributed CSCW and workflow systems
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
A communication agreement framework for access/action control
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Types for security in a mobile world
TGC'05 Proceedings of the 1st international conference on Trustworthy global computing
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
User-managed access control for health care systems
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Access control requirements for preventing insider threats
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
UCONLEGAL: a usage control model for HIPAA
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Safety problems in access control with temporal constraints
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Discretionary capability confinement
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
The complexity of discretionary access control
IWSEC'06 Proceedings of the 1st international conference on Security
Towards access control model engineering
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
A standards-based approach for supporting dynamic access policies for a federated digital library
ICADL'05 Proceedings of the 8th international conference on Asian Digital Libraries: implementing strategies and sharing experiences
Unifying decidability results on protection systems using simulations
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Heuristic safety analysis of access control models
Proceedings of the 18th ACM symposium on Access control models and technologies
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
The access matrix model as formalized by Harrison,Ruzzo, and Unman (HRU) has broad expressivepower. Unfortunately, HRU has weak safety properties(i.e., the determination of whether or not a givensubject can ever acquire access to a given object).Most security policies of practical interest fall into theundecidable cases of HRU. This is true even for monotonicpolicies (i.e., where access rights can be deletedonly if the deletion is itself reversible). In this paperwe define the typed access matrix (TAM) model by introducing strong typing into HRU (i.e., each subjector object is created to be of a particular type whichthereafter does not change). We prove that monotonicTAM (MTAM) has strong safety properties similarto Sandhu's Schematic Protection Model. Safety inMTAM's decidable case is, however, NP-hard. We developa model called ternary MTAM which has polynomialsafety for its decidable case, and which neverthelessretains the full expressive power of MTAM. There is compelling evidence that the decidable safety cases of ternary MTAM are quite adequate for modelingpractical monotonic security policies.