ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An argument for the role-based access control model
Full text PdfPdf (171 KB)
Source ACM Workshop on Role Based Access Control archive
Proceedings of the sixth ACM symposium on Access control models and technologies table of contents
Chantilly, Virginia, United States
Pages: 142 - 143  
Year of Publication: 2001
ISBN:1-58113-350-2
Author
David F. Ferraiolo  National Institute of Standards and Technology
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 84,   Citation Count: 2
Additional Information:

references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/373256.378405
What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
 
2
[2] R. W. Baldwin. Naming and grouping privileges to simplify security management in large databases. In proc. of the Symp. on Security and Privacy, pp. 116-132. IEEE Press, 1990
3
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344298]
 
4
[4] D. Brewer and M. Nash. The Chinese wall security policy. In proc. of the Symp. on Security and Privacy, pp. 215-228. IEEE Press, 1989
 
5
[5] D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In proc. of the Symp. on Security and Privacy, pp. 184-194. IEEE Press, 1987
 
6
[6] D. Ferraiolo and R. Kuhn. Role-Based Access Control. In Proc. of the NIST-NSA Nat. (USA) Comp. Security Conf., pp 554-563, 1992
 
7
[7] D. Ferraiolo, J. Cugini, and R. Kuhn. Role-based access control: Features and motivations. In Proc. of the Annual Computer Security Applications Conf., IEEE Press, 1995
8
David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999  [doi>10.1145/300830.300834]
9
Serban I. Gavrila , John F. Barkley, Formal specification for role based access control user/role and role/role relationship management, Proceedings of the third ACM workshop on Role-based access control, p.81-90, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286902]
 
10
Luigi Giuri , Pietro Iglio, A Formal Model for Role-Based Access Control with Constraints, Proceedings of the 9th IEEE workshop on Computer Security Foundations, p.136, March 10-12, 1996
 
11
[11] V.D. Gligor, S.I. Gavrila, D.F. Ferraiolo. On the Formal Definition of Separation-of-Duty Policies and their Composition. Proc. Symp. on Security and Privacy, IEEE Press,1998
12
Wei-Kuang Huang , Vijayalakshmi Atluri, SecureFlow: a secure Web-enabled workflow management system, Proceedings of the fourth ACM workshop on Role-based access control, p.83-94, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319179]
13
D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266749]
14
Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974  [doi>10.1145/775265.775268]
 
15
[15] C. McCollum, J. Messing, L. Notargiacomo. Beyond the pale of MAC and DAC -- defining new forms of access control. In proc. of the Symp. on Security and Privacy, pp. 190-900. IEEE Press, 1990
16
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
 
17
Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
18
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
 
19
[19] Ravi Sandhu, "Transaction Control Expressions for Separation of Duties." Proc. Fourth Aerospace Computer Security Applications Conference, Orlando, Florida, IEEE Computer Society Press, December 1988, pages 282-286
 
20
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
21
Ravi S. Sandhu, The Typed Access Matrix Model, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.122, May 04-06, 1992
22
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
23
[23] R. Simon and M. Zurko. Separation of duty in role based access control environments. In Proc. of, New Security Paradigms Workshop, September 1997
 
24
T. C. Ting , Steven A. Demurjian , M.-Y. Hu, Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model, Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects, p.275-296, November 01, 1991
 
25
[25] D. J. Thomsen. Role-based application design and enforcement. In S. Jajodia and C. E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 151-168. North-Holland, 1991.

CITED BY  2
Martin Kuhlmann , Dalia Shohat , Gerhard Schimpf, Role mining - revealing business roles for security administration using data mining technology, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Charles E. Phillips, Jr. , T.C. Ting , Steven A. Demurjian, Information sharing and security in dynamic coalitions, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.2 Physical Design
          Subjects: Access methods

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Design, Management, Performance, Security, Theory

Collaborative Colleagues:
David F. Ferraiolo: colleagues

Peer to Peer - Readers of this Article have also read:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player