ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Integrated constraints and inheritance in DTAC
Full text PdfPdf (679 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the fifth ACM workshop on Role-based access control table of contents
Berlin, Germany
Pages: 93 - 102  
Year of Publication: 2000
ISBN:1-58113-259-X
Authors
Jonathon E. Tidswell  IBM T J Watson Research Center, Hawthorne, NY and School of Computer Science & Engineering, University of NSW, Sydney, Australia
Trent Jaeger  IBM T J Watson Research Center, Hawthorne, NY
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 1,   Downloads (12 Months): 19,   Citation Count: 7
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/344287.344307
What is a DOI?

ABSTRACT

Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an integrated mathematical approach to defining both inheritance and constraints in the dynamically typed access control (DTAC) model. In the process we identify several useful relationships among DTAC objects. The combination of DTAC and our new relationships allow us to graphically construct a greater variety and complexity of efficiently verifiable separation of duty constraints than any other model we are aware of.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
Atl99
Vijay Atluri, editor. Proceedings of the 4th ACM Workshop on Role-Based Access Control. ACM, October 1999.
 
Bal90
Robert W. Baldwin. Naming and group priviliges to simplify security management in large databases. In Proceedings of the IEEE Symposium on Security and Privacy, 1990.
BFA99
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
BJSS97
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
 
BK85
W. E. Boebert and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. In Proceedings of the 8th National Computer Security Conference, Gaithersburg, Maryland, 1985.
 
BS97
I. N. Bronshtein , K. A. Semendyayev , K. A. Kirsch, Handbook of mathematics (3rd ed.), Springer-Verlag, London, 1997
 
CW87
D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In Proceeding of the IEEE Symposium on Security and Privacy, Oakland, California, April 1987.
HRU76
Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976  [doi>10.1145/360303.360333]
 
JSS97
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
Kuh97
D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266749]
 
LS97
Emil Lupu , Morris Sloman, A Policy Based Role Object Model, Proceedings of the 1st International Conference on Enterprise Distributed Object Computing, p.36-47, October 24-26, 1997
 
LS99
Emil C. Lupu , Morris Sloman, Conflicts in Policy-Based Distributed Systems Management, IEEE Transactions on Software Engineering, v.25 n.6, p.852-869, November 1999  [doi>10.1109/32.824414]
ML99
Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319186]
Mof98
Jonathan D. Moffett, Control principles and role hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.63-69, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286900]
NO99
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
 
San95
Ravi Sandhu, editor. Proceedings of the 1st Workshop on Role-Based Access Control. ACM, November 1995.
 
San96
Ravi S. Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.65-79, September 25-27, 1996
 
San97
Ravi Sandhu, editor. Proceedings of the 2nd Workshop on Role-Based Access Control. ACM, November 1997.
 
San98
Ravi Sandhu, editor. Proceedings of the 3rd ACM Workshop on Role-Based Access Control. ACM, Octorber 1998.
SBM99
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
SCFY96
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
SS75
J H Saltzer and M D Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), September 1975.
 
SZ97
Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997
TOP99
Jonathon E. Tidswell , Geoffrey H. Outhred , John M. Potter, Dynamic rights: safe extensible access control, Proceedings of the fourth ACM workshop on Role-based access control, p.113-120, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319182]
 
TP97
Jonathon Tidswell , John Potter, An Approach to Dynamic Domain and Type Enforcement, Proceedings of the Second Australasian Conference on Information Security and Privacy, p.26-37, July 07-09, 1997
 
TP98
Jonathon Tidswell , John Potter, A Dynamically Typed Access Control Model, Proceedings of the Third Australasian Conference on Information Security and Privacy, p.308-319, July 01, 1998

CITED BY  7
Jonathon E. Tidswell , John M. Potter, A graphical definition of authorization schema in the DTAC model, Proceedings of the sixth ACM symposium on Access control models and technologies, p.109-120, May 2001, Chantilly, Virginia, United States
Andreas Schaad , Jonathan Moffett , Jeremy Jacob, The role-based access control system of a European bank: a case study and discussion, Proceedings of the sixth ACM symposium on Access control models and technologies, p.3-9, May 2001, Chantilly, Virginia, United States
Trent Jaeger , Jonathon E. Tidswell, Practical safety in flexible access control models, ACM Transactions on Information and System Security (TISSEC), v.4 n.2, p.158-190, May 2001
Jonathon E. Tidswell , Trent Jaeger, An access control model for simplifying constraint expression, Proceedings of the 7th ACM conference on Computer and communications security, p.154-163, November 01-04, 2000, Athens, Greece
Sejong Oh , Seog Park, Task-role-based access control model, Information Systems, v.28 n.6, p.533-562, September 2003
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001
Manigandan Radhakrishnan , Jon A. Solworth, Application security support in the operating system kernel, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan

INDEX TERMS

Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

  I. Computing Methodologies
  I.2 ARTIFICIAL INTELLIGENCE
      I.2.8 Problem Solving, Control Methods, and Search
          Subjects: Control theory
  I.6 SIMULATION AND MODELING

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Algorithms, Design, Performance, Security, Theory

Collaborative Colleagues:
Jonathon E. Tidswell: colleagues
Trent Jaeger: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player