The central goal of secure information sharing is to "share but protect", where the motivation to "protect" is to safeguard the sensitive content from unauthorized disclosure (in contrast to protecting the content to avoid loss of revenue as in retail Digital Rights Management). This elusive goal has been a major driver for information security for over three decades. Recently, the need for secure information sharing has dramatically increased with the explosion of the Internet and the convergence of outsourcing, offshoring and B2B collaboration in the commercial arena and the real-world demonstration of the tragic consequences of lack of information sharing in the national security arena. As technology has made the "share" aspect ever easier, so has it increased the difficulty of enforcing the "protect" aspect. The central contribution of this paper is to show that the emergence of industrial-strength Trusted Computing (TC) technology offers a range of novel solutions to the long-standing problem of secure information sharing. To this end we introduce a new framework of three layered models to analyze requirements and develop solutions, and demonstrate the application of this framework in the context of TC and secure information sharing. The three layers are policy models (topmost), enforcement models (middle), and implementation models (bottom), hence the name PEI models. At the policy model layer the secure information sharing space is divided into three categories called password based, device based, and credential based. For each of these policy categories various enforcement and implementation models can be developed. While we believe the PEI framework is relevant to security problems beyond secure information sharing, our goal in this paper is to demonstrate its application in this particular arena and identify questions for future research in this context.
An essential benefit of PEI is that the three layers allow us to focus on the more important issues at a higher level of abstraction at the policy and enforcement layers, while leaving deep detail to the implementation layer. This paper focusses on the policy and enforcement layers with only passing mention of the implementation layer.