This paper presents a new concept for efficient access rights administration and access control. It focuses on the special requirements of application security and reflects experience from implementing security for large industry application systems. Application security has considerable inherent complexity because of the large number of combinations of objects and processes for which access rights must be defined. Based on practical experience, this paper introduces a new approach to implementing access control for application systems that reduces this complexity. After describing the challenges for such an approach, we introduce process spaces and object spaces as a basis for authorisations. We show how they make application security maintainable and controllable, and how they offer sufficient flexibility to react to changing business needs. In addition, we discuss how separating the administration and access layers allows for convenient administration as well as optimised access decision performance in business-critical applications. To facilitate the integration of this rule-based concept into enterprise-wide security administration, we show how application security can be integrated into role-based access control (RBAC) systems. In particular, this goal is achieved by enhancing Enterprise RBAC (ERBAC) with variable roles. These roles can contain variable process and object spaces that reference user and role attributes. Finally, we give a short overview of related work.