Database security
Role-Based Access Control Models
Computer
Authentication, access control, and audit
ACM Computing Surveys (CSUR)
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
High-level security issues in multimedia/hypertext systems
Proceedings of the IFIP TC6/TC11 international conference on Communications and multimedia security II
Formal specification for role based access control user/role and role/role relationship management
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Role-based access control in Java
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
A framework for implementing role-based access control using CORBA security service
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
The Personal Model of Data - Towards a Privacy Oriented Information System (Extended Abstract)
Proceedings of the Fifth International Conference on Data Engineering
Using Role-Templates for Handling Recurring Role Structures
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Deriving a Role-Based Access Control Model from the OBBAC Model
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
User Authentication and Authorization in the Java(tm) Platform
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Supporting Real World Security Models in Java
FTDCS '99 Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
Can end-to-end verifiable e-voting be explained easily?
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
The RBAC model and implementation architecture in multi-domain environment
Electronic Commerce Research
Hi-index | 0.00 |
E-commerce applications have diverse security requirements ranging from business-to-business over business-to-consumer to consumer-to-consumer types of applications. This range of requirements cannot be handled adequately by one single security model although role-based access controls (RBAC) depict a promising fundament for generic high-level security. Furthermore, RBAC is well researched but rather incompletely realized in most of the current backend as well as business layer systems. Security mechanisms have often been added to existing software causing many of the well-known deficiencies found in most software products. However, with the rise of component-based software development security models can also be made available for reuse. Therefore, we present a general-purpose software framework providing security mechanisms such as authentication, access controls, and auditing for Java software development. The framework is called GAMMA (Generic Authorization Mechanisms for Multi-Tier Applications) and offers multiple high-level security models (including the aforementioned RBAC) that may even be used concurrently to cover such diverse security requirements as found within e-commerce environments.