Object-oriented modeling and design
Object-oriented modeling and design
Multilevel security in the UNIX tradition
Software—Practice & Experience
Object-oriented analysis and design with applications (2nd ed.)
Object-oriented analysis and design with applications (2nd ed.)
Role-Based Access Control Models
Computer
Modeling mandatory access control in role-based security systems
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Mandatory access control and role-based access control revisited
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
IEEE Transactions on Software Engineering
Exception-based information flow control in object-oriented systems
ACM Transactions on Information and System Security (TISSEC)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Information and System Security (TISSEC)
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Software Engineering: A Practitioner's Approach
Software Engineering: A Practitioner's Approach
Lattice-Based Access Control Models
Computer
Information Flow Control in Object-Oriented Systems
IEEE Transactions on Knowledge and Data Engineering
A Role-Based Access Control for Intranet Security
IEEE Internet Computing
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Information Flow in a Purpose-Oriented Access Control Model
ICPADS '97 Proceedings of the 1997 International Conference on Parallel and Distributed Systems
A Formal Model for Role-Based Access Control with Constraints
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
An Object-Oriented RBAC Model for Distributed System
WICSA '01 Proceedings of the Working IEEE/IFIP Conference on Software Architecture
A Purpose-Oriented Access Control Model
ICOIN '98 Proceedings of the 13th International Conference on Information Networking
Information Flow Control in Role-Based Model for Distributed Objects
ICPADS '01 Proceedings of the Eighth International Conference on Parallel and Distributed Systems
Providing flexibility in information flow control for object oriented systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Providing flexible access control to an information flow control model
Journal of Systems and Software
An agent-based inter-application information flow control model
Journal of Systems and Software - Special issue: Software engineering education and training
DPE/PAC: decentralized process engine with product access control
Journal of Systems and Software
An information flow control model for C applications based on access control lists
Journal of Systems and Software
Managing role relationships in an information flow control model
Journal of Systems and Software
Description Logic Framework for Access Control and Security in Object-Oriented Systems
RSFDGrC '07 Proceedings of the 11th International Conference on Rough Sets, Fuzzy Sets, Data Mining and Granular Computing
An extended XACML model to ensure secure information access for web services
Journal of Systems and Software
| Hi-index | 0.00 |
The role-based access control (RBAC) approach has been recognized as useful in information security and many RBAC models have been proposed. Current RBAC researches focus on developing new models or enhancing existing models. In our research, we developed an RBAC model that can be embedded in object-oriented systems to control information flows (i.e. to protect privacy) within the systems. This paper proposes the model. The model, which is named OORBAC, is an extension of RBAC96. OORBAC offers the following features: (a) precisely control information flows among objects, (b) control method invocation through argument sensitivity, (c) allow purpose-oriented method invocation and prevent leakage within an object, (d) precisely control write access, and (e) avoid Trojan horses. We implemented a prototype for OORBAC using JAVA as the target language. The implementation resulted in a language named OORBACL, which can be used to implement secure applications. We evaluated OORBAC using experiments. The evaluation results are also shown in this paper.