A model of OASIS role-based access control and its support for active security

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A model of OASIS role-based access control and its support for active security

Full text

Pdf (220 KB)

Source

ACM Workshop on Role Based Access Control archive
Proceedings of the sixth ACM symposium on Access control models and technologies table of contents

Chantilly, Virginia, United States

Pages: 171 - 181

Year of Publication: 2001

ISBN:1-58113-350-2

Authors

Walt Yao	Univ. of Cambridge, Cambridge, U.K.
Ken Moody	Univ. of Cambridge, Cambridge, U.K.
Jean Bacon	Univ. of Cambridge, Cambridge, U.K.

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 87, Citation Count: 19

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/373256.373294 What is a DOI?

ABSTRACT

OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. Services define roles and implement formally specified policy for role activation and service use; users must present the required credentials, in the specified context, in order to activate a role or invoke a service. Roles are activated for the duration of a session only. In addition, a role is deactivated immediately if any of the conditions of the membership rule associated with its activation becomes false.OASIS does not use role delegation but instead defines the notion of appointment, whereby a user in some role may issue an \actright{} to some other user. The role activation conditions of services may include \actright{}s, prerequisite roles and environmental constraints.We motivate our approach and formalise OASIS. First, a basic model is presented followed by an extended model which includes parameterisation.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
	2	Jean Bacon , Michael Lloyd , Ken Moody, Translating Role-Based Access Control Policy within Context, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.107-119, January 29-31, 2001
	3	Jean Bacon , Ken Moody , John Bates , Richard Hayton , Chaoying Ma , Andrew McNeil , Oliver Seidel , Mark Spiteri, Generic Support for Distributed Applications, Computer, v.33 n.3, p.68-76, March 2000 [doi>10.1109/2.825698]
	4	E. Barka , R. Sandhu, Framework for role-based delegation models, Proceedings of the 16th Annual Computer Security Applications Conference, p.168, December 11-15, 2000
	5	E. Barka and R. Sandhu. A role-based delegation model and some extensions. In 23rd National Information Systems Security Conference, Baltimore, MD, October 2000.
	6	Elisa Bertino , Elena Ferrari , Vijayalakshmi Atluri, A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems, Proceedings of the second ACM workshop on Role-based access control, p.1-12, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266746]
	7	M. J. Covington, M. J. Moyer, and M. Ahamad. Generalized role-based access control for securing future applications. In 23rd National Information Systems Security Conference, Baltimore, MD, October 2000.
	8	David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999 [doi>10.1145/300830.300834]
	9	Luigi Giuri , Pietro Iglio, Role templates for content-based access control, Proceedings of the second ACM workshop on Role-based access control, p.153-159, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266773]
	10	Cheh Goh , Adrian Baldwin, Towards a more complete model of role, Proceedings of the third ACM workshop on Role-based access control, p.55-62, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286898]
	11	R. Hayton, J. Bacon, and K. Moody. OASIS: Access Control in an Open, Distributed Environment. In Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, May 1998. IEEE.
	12	John A. Hine , Walt Yao , Jean Bacon , Ken Moody, An architecture for distributed OASIS services, IFIP/ACM International Conference on Distributed systems platforms, p.104-120, April 03-07, 2000, New York, New York, United States
	13	D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266749]
	14	Jonathan D. Moffett, Control principles and role hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.63-69, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286900]
	15	Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319186]
	16	Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
	17	Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999 [doi>10.1145/300830.300832]
	18	J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, September 1975.
	19	Ravi Sandhu, Role activation hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.33-40, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286891]
	20	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	21	Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997
	22	Roshan K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, p.13-19, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266748]
	23	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	24	Weigang Wang, Team-and-role-based organizational context and access control for cooperative hypermedia environments, Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots, p.37-46, February 21-25, 1999, Darmstadt, Germany [doi>10.1145/294469.294480]

CITED BY 19

	Jason Crampton, Administrative scope and role hierarchy operations, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002
	Jean Bacon , Ken Moody , Walt Yao, Access control and trust in the use of widely distributed services, Software—Practice & Experience, v.33 n.4, p.375-394, 10 April 2003
	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003
	Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Mohammad A. Al-Kahtani , Ravi Sandhu, Induced role hierarchies with attribute-based RBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
	Li Yang , Raimund K. Ege , Huiqun Yu, Mediation security specification and enforcement for heterogeneous databases, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Luc Moreau , Christian Queinnec, Resource aware programming, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.3, p.441-476, May 2005
	William Tolone , Gail-Joon Ahn , Tanusree Pai , Seng-Phil Hong, Access control in collaborative systems, ACM Computing Surveys (CSUR), v.37 n.1, p.29-41, March 2005
	Gang Yin , Huai-min Wang , Dian-xi Shi , Yan Jia , Meng Teng, A rule-based framework for role-based constrained delegation, Proceedings of the 3rd international conference on Information security, November 14-16, 2004, Shanghai, China
	Jason Crampton , George Loizou, Administrative scope: A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.201-231, May 2003
	Hua Wang , Jiuyong Li , Ron Addie , Stijn Dekeyser , Richard Watson, A framework for role-based group deligation in distributed environments, Proceedings of the 29th Australasian Computer Science Conference, p.321-328, January 16-19, 2006, Hobart, Australia
	Jacques Wainer , Akhil Kumar , Paulo Barthelmess, DW-RBAC: A formal security model of delegation and revocation in workflow systems, Information Systems, v.32 n.3, p.365-384, May, 2007
	Mahalingam Ramkumar , Nasir Memon, Secure collaborations over message boards, International Journal of Security and Networks, v.1 n.1/2, p.113-124, September 2006
	Nan Zhang , Mark Ryan , Dimitar P. Guelev, Synthesising verified access control systems through model checking, Journal of Computer Security, v.16 n.1, p.1-61, January 2008
	Ioannis Mavridis , Andreas Mattas , Ioannis Pagkalos , Isabella Kotini , Christos Ilioudis, Supporting dynamic administration of RBAC in web-based collaborative applications during run-time, International Journal of Information and Computer Security, v.2 n.4, p.328-352, January 2009
	Jean Bacon , Ken Moody , Walt Yao, Access Control and Trust in the Use of Widely Distributed Services, Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg, p.295-310, November 12-16, 2001
	Mehran Ahsant , Jim Basney , Lennart Johnsson, Dynamic, context-aware, least-privilege grid delegation, Proceedings of the 8th IEEE/ACM International Conference on Grid Computing, p.209-216, September 19-21, 2007