Introduction to algorithms
Minimal cost set covering using probabilistic methods
SAC '93 Proceedings of the 1993 ACM/SIGAPP symposium on Applied computing: states of the art and practice
Computational Issues in Secure Interoperation
IEEE Transactions on Software Engineering
Providing Security and Interoperation of HeterogeneousSystems
Distributed and Parallel Databases - Security of data and transaction processing
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Security models for web-based applications
Communications of the ACM
Temporal hierarchies and inheritance semantics for GTRBAC
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Secure Mediation: Requirements and Design
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Merging Heterogeneous Security Orderings
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
SERAT: SEcure role mApping technique for decentralized secure interoperability
Proceedings of the tenth ACM symposium on Access control models and technologies
IEEE Transactions on Dependable and Secure Computing
An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
Formal foundations for hybrid hierarchies in GTRBAC
ACM Transactions on Information and System Security (TISSEC)
Inter-domain role mapping and least privilege
Proceedings of the 12th ACM symposium on Access control models and technologies
Proceedings of the 13th ACM symposium on Access control models and technologies
Consistency checking of role assignments in inter-organizational collaboration
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
An efficient framework for user authorization queries in RBAC systems
Proceedings of the 14th ACM symposium on Access control models and technologies
Establishing RBAC-based secure interoperability in decentralized multi-domain environments
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Mediator-free secure policy interoperation of exclusively-trusted multiple domains
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Proceedings of the 15th ACM symposium on Access control models and technologies
Set covering problems in role-based access control
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A secure collaboration service for dynamic virtual organizations
Information Sciences: an International Journal
An interoperation framework for secure collaboration among organizations
Proceedings of the 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
xDAuth: a scalable and lightweight framework for cross domain access control and delegation
Proceedings of the 16th ACM symposium on Access control models and technologies
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
The role hierarchy is one of the most distinguished features of an RBAC approach to securing large systems as it facilitates efficient administration of permissions. However, the role hierarchy as defined in the currently standardized RBAC model has limitations in capturing generic policy requirements such as separation of duty, time-based and cardinality constraints. To address such limitations, permission inheritance and activation inheritance semantics have been introduced to define three different types of role hierarchies. In presence of a hybrid hierarchy that allows all the three types of hierarchies to coexist, the overall hierarchy administration problem becomes quite complex. A key problem is to efficiently handle authorization queries to decide whether a user's request to activate a set of roles should be granted. A hybrid hierarchy also makes the problem of mapping a request for a set of permissions to a minimal set of roles difficult. Such a mapping is crucial in multidomain environments where different security domains have to establish and engage in secure interoperation by first mapping their security policies. In this paper, we investigate these two problems and present solutions that are efficient and practical.