Towards a theory of declarative knowledge
Foundations of deductive databases and logic programming
Some computer science issues in ubiquitous computing
Communications of the ACM - Special issue on computer augmented environments: back to the real world
Tcl and the Tk toolkit
Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots
A role-based access control model and reference implementation within a corporate intranet
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
A model of accountability, confidentiality and override for healthcare and other applications
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Handling Obstacles in Goal-Oriented Requirements Engineering
IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
A lattice model of secure information flow
Communications of the ACM
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible team-based access control using contexts
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Design and implementation of a flexible RBAC-service in an object-oriented scripting language
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
An authorization model for temporal and derived data: securing information portals
ACM Transactions on Information and System Security (TISSEC)
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Information sharing and security in dynamic coalitions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Models for coalition-based access control (CBAC)
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A context-related authorization and access control method based on RBAC:
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Understanding and Using Context
Personal and Ubiquitous Computing
Web E-Speak: Facilitating Web-Based E-Services
IEEE MultiMedia
A Content-Based Authorization Model for Digital Libraries
IEEE Transactions on Knowledge and Data Engineering
Preserving Privacy in Environments with Location-Based Applications
IEEE Pervasive Computing
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Experience with Goal-Scenario Coupling in Requirements Engineering
RE '99 Proceedings of the 4th IEEE International Symposium on Requirements Engineering
On context in authorization policy
Proceedings of the eighth ACM symposium on Access control models and technologies
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Policy Contexts: Controlling Information Flow in Parameterised RBAC
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Towards Automated Negotiation of Access Control Policies
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Goal-Based Requirements Analysis
ICRE '96 Proceedings of the 2nd International Conference on Requirements Engineering (ICRE '96)
Goal-Oriented Requirements Engineering: A Guided Tour
RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
Cover story: they know where you are
IEEE Spectrum
Experiences with the enforcement of access rights extracted from ODRL-based digital contracts
Proceedings of the 3rd ACM workshop on Digital rights management
XOTcl: an object-oriented scripting language
TCLTK'00 Proceedings of the 7th conference on USENIX Tcl/Tk - Volume 7
Object-based and class-based composition of transitive mixins
Information and Software Technology
Security policy compliance with violation management
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Authentication and authorization user management within a collaborative community
ICCOMP'07 Proceedings of the 11th WSEAS International Conference on Computers
On spatio-temporal constraints and inheritance in role-based access control
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Preventing conflict situations during authorization
WSEAS Transactions on Computers
Law-aware access control for international financial environments
Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access
The OPL Access Control Policy Language
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Role based access control for a medical database
SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
Applying quorum role in network management
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
A trusted decentralized access control framework for the client/server architecture
Journal of Network and Computer Applications
Positive and negative authorizations to access protected web resources
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
A role and attribute based access control system using semantic web technologies
OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems - Volume Part II
Specifying process-aware access control rules in SBVR
RuleML'07 Proceedings of the 2007 international conference on Advances in rule interchange and applications
A vocabulary and execution model for declarative service orchestration
BPM'07 Proceedings of the 2007 international conference on Business process management
A universal access control method based on host identifiers for Future Internet
Computers & Mathematics with Applications
Law-aware access control: about modeling context and transforming legislation
JSAI-isAI'09 Proceedings of the 2009 international conference on New frontiers in artificial intelligence
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
An approach for implementation of RBAC models with context constraint to business process systems
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Process compliance analysis based on behavioural profiles
Information Systems
Deriving role engineering artifacts from business processes and scenario models
Proceedings of the 16th ACM symposium on Access control models and technologies
An integrated approach for identity and access management in a SOA context
Proceedings of the 16th ACM symposium on Access control models and technologies
LoT-RBAC: a location and time-based RBAC model
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
Sharing protected web resources using distributed role-based modeling
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Access control using active rules
BNCOD'10 Proceedings of the 27th British national conference on Data Security and Security Data
Role approach in access control development with the usage control concept
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Proceedings of the 18th ACM symposium on Access control models and technologies
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Modelling context-aware RBAC models for mobile business processes
International Journal of Wireless and Mobile Computing
| Hi-index | 0.00 |
We present an approach that uses special purpose role-based access control (RBAC) constraints to base certain access control decisions on context information. In our approach a context constraint is defined as a dynamic RBAC constraint that checks the actual values of one or more contextual attributes for predefined conditions. If these conditions are satisfied, the corresponding access request can be permitted. Accordingly, a conditional permission is an RBAC permission that is constrained by one or more context constraints. We present an engineering process for context constraints that is based on goal-oriented requirements engineering techniques, and describe how we extended the design and implementation of an existing RBAC service to enable the enforcement of context constraints. With our approach we aim to preserve the advantages of RBAC and offer an additional means for the definition and enforcement of fine-grained context-dependent access control policies.