Authorisation infrastructure for on-demand network resource provisioning
GRID '08 Proceedings of the 2008 9th IEEE/ACM International Conference on Grid Computing
Conditional dependence networks in requirements engineering
COIN'09 Proceedings of the 5th international conference on Coordination, organizations, institutions, and norms in agent systems
Survey: Usage control in computer security: A survey
Computer Science Review
Beyond accountability: using obligations to reduce risk exposure and deter insider attacks
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.02 |
Role based access control has been widely researched in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or denied. One of the potential improvements for role based access control is the augmentation of obligations, where obligations are tasks and requirements to be fulfilled before, after or together with the enforcement of the authorization decisions. This paper conducts a literature review of role based access control and obligation related research, and proposes a design for the augmentation of obligations in the context of the RBAC standard. The design is then validated by implementation in the PERMIS RBAC authorization infrastructure. The paper also discusses the possible nondeterminism caused by overlapping authorisations.