Proposed NIST standard for role-based access control

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Proposed NIST standard for role-based access control

Full text

Pdf (418 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 4 , Issue 3 (August 2001) table of contents

Pages: 224 - 274

Year of Publication: 2001

ISSN:1094-9224

Authors

David F. Ferraiolo	National Institute of Standards and Technology
Ravi Sandhu	SingleSign On. Net and George Mason University, sandhu@gmu.edu or www.list.gmu.edu
Serban Gavrila	VDG Incorporated
D. Richard Kuhn	National Institute of Standards and Technology
Ramaswamy Chandramouli	National Institute of Standards and Technology

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 52, Downloads (12 Months): 510, Citation Count: 159

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/501978.501980 What is a DOI?

ABSTRACT

In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in support of session attribute management and an access control decision process.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000 [doi>10.1145/382912.382913]
	2	BALDWIN, R. W. 1990. Naming and grouping privileges to simplify security management in large databases. In Proceedings of the Symposium on Security and Privacy, IEEE Press, Los Alamitos, Calif., 116-132.
	3	BELL,D.AND LAPADULA. 1976. Secure computer systems: Unified exposition and MULTICS. Tech. Rep. ESD-TR-75-306, The MITRE Corporation, Bedford, Mass., March.
	4	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344298]
	5	BREWER,D.AND NASH, M. 1989. The Chinese wall security policy. In Proceedings of the Symposium on Security and Privacy, IEEE Press, Los Alamitos, Calif., 215-228.
	6	CHANDRAMOULI,R.AND SANDHU, R. 1998. Role-based access control features in commercial database management systems. In Proceedings of the NIST-NSA National (USA) Computer Security Conference, 503-511.
	7	CLARK,D.AND WILSON, D. 1987. A comparison of commercial and military computer security policies. In proceedings of the Symposium on Security and Privacy, IEEE Press, Los Alamitos, Calif., 184-194.
	8	Glenn Faden, RBAC in UNIX administration, Proceedings of the fourth ACM workshop on Role-based access control, p.95-101, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319180]
	9	FEINSTEIN, H. 1996. Final report: NIST small business innovative research (SBIR) grant: Role based access control: phase 2. SETA Corp., October.
	10	FERRAIOLO,D.AND KUHN, R. 1992. Role-based access control. In Proceedings of the NIST-NSA National (USA) Computer Security Conference, 554-563.
	11	David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999 [doi>10.1145/300830.300834]
	12	FERRAIOLO, D., CUGINI,J.,AND KUHN, R. 1995. Role-based access control: Features and motivations. In Proceedings of the Annual Computer Security Applications Conference, IEEE Press, Los Alamitos, Calif.
	13	FERRAIOLO, D., GILBERT,D.,AND LYNCH, N. 1993. An examination of federal and commercial access control policy needs. In Proceedings of the NIST-NSA National (USA) Computer Security Conference, 107-116.
	14	Serban I. Gavrila , John F. Barkley, Formal specification for role based access control user/role and role/role relationship management, Proceedings of the third ACM workshop on Role-based access control, p.81-90, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286902]
	15	Luigi Giuri , Pietro Iglio, A Formal Model for Role-Based Access Control with Constraints, Proceedings of the Ninth IEEE Computer Security Foundations Workshop, p.136, March 10-12, 1996
	16	GLIGOR, V. D., GAVRILA,S.I.,AND FERRAIOLO, D. F. 1998. On the formal definition of separation-ofduty policies and their composition. In Proceedings of the Symposium on Security and Privacy, IEEE Press, Los Alamitos, Calif.
	17	Wei-Kuang Huang , Vijayalakshmi Atluri, SecureFlow: a secure Web-enabled workflow management system, Proceedings of the fourth ACM workshop on Role-based access control, p.83-94, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319179]
	18	Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319175]
	19	Trent Jaeger , Jonathon E. Tidswell, Rebuttal to the NIST RBAC model proposal, Proceedings of the fifth ACM workshop on Role-based access control, p.65-66, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344302]
	20	James B. D. Joshi , Walid G. Aref , Arif Ghafoor , Eugene H. Spafford, Security models for web-based applications, Communications of the ACM, v.44 n.2, p.38-44, Feb. 2001 [doi>10.1145/359205.359224]
	21	James Joshi , Arif Ghafoor , Walid G. Aref , Eugene H. Spafford, Digital Government Security Infrastructure Design Challenges, Computer, v.34 n.2, p.66-72, February 2001 [doi>10.1109/2.970579]
	22	D. Richard Kuhn, Role based access control on MLS systems without kernel changes, Proceedings of the third ACM workshop on Role-based access control, p.25-32, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286890]
	23	D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266749]
	24	Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974 [doi>10.1145/775265.775268]
	25	MCCOLLUM, C., MESSING,J.,AND NOTARGIACOMO, L. 1990. Beyond the pale of MAC and DAC- Defining new forms of access control. In Proceedings of the Symposium on Security and Privacy, IEEE Press, Los Alamitos, Calif., 190-900.
	26	Jonathan D. Moffett, Control principles and role hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.63-69, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286900]
	27	Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
	28	Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999 [doi>10.1145/300830.300832]
	29	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000 [doi>10.1145/354876.354878]
	30	SANDHU,R.AND BHAMIDIPATI, V. 1997. Role-based administration of user-role assignment: The URA97 model and its oracle implementation. J. Compu. Sec. 7.
	31	Ravi Sandhu, Role activation hierarchies, Proceedings of the third ACM workshop on Role-based access control, p.33-40, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286891]
	32	SANDHU, R. 1998b. Role-based access control. In Advances in Computers, vol. 46, M. Zelkowitz Eds. Academic, 237-286.
	33	SANDHU, R. 1988. Transaction control expressions for separation of duties. In Proceedings of the Fourth Aerospace Computer Security Applications Conference (Orlando, Fla.). IEEE Computer Society Press, Dec. Los Alamitos, Calif., 282-286.
	34	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999 [doi>10.1145/300830.300839]
	35	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	36	Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344301]
	37	SIMON,R.AND ZURKO, R. 1997. Separation of duty in role based access control environments. In Proceedings of New Security Paradigms Workshop, (Sept.).
	38	SMITH, C., COYNE, E., YOUMAN,C.,AND GANTA, S. 1996. Market analysis report: NIST small business innovative research (SBIR) grant: Role based access control: Phase 2. A marketing survey of civil federal government organizations to determine the need for role-based access control security product, SETA Corp., July.
	39	THOMSEN, D. J. 1991. Role-based application design and enforcement. In Database Security, IV: Status and Prospects, S. Jajodia and C. E. Landwehr, Eds., North-Holland, 151-168.
	40	T. C. Ting , Steven A. Demurjian , M.-Y. Hu, Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model, Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects, p.275-296, November 01, 1991

CITED BY 159

	Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, A graph-based formalism for RBAC, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.332-365, August 2002
	Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Axel Kern , Martin Kuhlmann , Andreas Schaad , Jonathan Moffett, Observations on the role life-cycle in the context of enterprise security management, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
	Horst F. Wedde , Mario Lischka, Cooperative role-based administration, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Pierangela Samarati , Michael K. Reiter , Sushil Jajodia, An authorization model for a public key management service, ACM Transactions on Information and System Security (TISSEC), v.4 n.4, p.453-482, November 2001
	Kerry Taylor , James Murty, Implementing role based access control for federated information systems on the web, Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003, p.87-95, February 01, 2003, Adelaide, Australia
	David F. Ferraiolo , R. Chandramouli , Gail-Joon Ahn , Serban I. Gavrila, The role control center: features and case studies, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	David Basin , Jürgen Doser , Torsten Lodderstedt, Model driven security for process-oriented systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	James B. D. Joshi , Basit Shafiq , Arif Ghafoor , Elisa Bertino, Dependencies and separation of duty constraints in GTRBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Sushil Jajodia , Duminda Wijesekera, Recent advances in access control models, Proceedings of the fifteenth annual working conference on Database and application security, p.3-15, July 15-18, 2001, Niagara, Ontario, Canada
	Susanne Guth , Gustaf Neumann , Mark Strembeck, Experiences with the enforcement of access rights extracted from ODRL-based digital contracts, Proceedings of the 3rd ACM workshop on Digital rights management, October 27-27, 2003, Washington, DC, USA
	Jason Crampton, On permissions, inheritance and role hierarchies, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	Edward C. Epp, Relationship Management: Secure Collaboration in a Ubiquitous Environment, IEEE Pervasive Computing, v.2 n.2, p.62-71, April 2003
	Trent Jaeger , Xiaolan Zhang , Fidel Cacheda, Policy management using access control spaces, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.327-364, August 2003
	Jae-Deok Lim , Joon-Suk Yu , Jeong-Nyeo Kim, A study of the method of providing secure network channel among secure OSs, Proceedings of the 1st international symposium on Information and communication technologies, September 24-26, 2003, Dublin, Ireland
	Shih-Chien Chou, Embedding role-based access control model in object-oriented systems to protect privacy, Journal of Systems and Software, v.71 n.1-2, p.143-161, April 2004
	Halvard Skogsrud , Boualem Benatallah , Fabio Casati, Trust-serv: model-driven lifecycle management of trust negotiation policies for web services, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA
	James B. D. Joshi , Rafae Bhatti , Elisa Bertino , Arif Ghafoor, Access-Control Language for Multidomain Environments, IEEE Internet Computing, v.8 n.6, p.40-50, November 2004
	Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Jason Crampton, Specifying and enforcing constraints in role-based access control, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Karl Fürst , Thomas Schmidt , Gerald Wippel, Managing Access in Extended Enterprise Networks, IEEE Internet Computing, v.6 n.5, p.67-74, September 2002
	Indrakshi Ray , Na Li , Robert France , Dae-Kyoo Kim, Using uml to visualize role-based access control constraints, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Rafae Bhatti , James Joshi , Elisa Bertino , Arif Ghafoor, X-GTRBAC admin: a decentralized administration model for enterprise wide access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Sastry Duri , Jeffrey Elliott , Marco Gruteser , Xuan Liu , Paul Moskowitz , Ronald Perez , Moninder Singh , Jung-Mu Tang, Data protection and data sharing in telematics, Mobile Networks and Applications, v.9 n.6, p.693-701, December 2004
	Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
	Dickson K. W. Chiu , S. C. Cheung , Sven Till , Kamalakar Karlapalem , Qing Li , Eleanna Kafeza, Workflow View Driven Cross-Organizational Interoperability in a Web Service Environment, Information Technology and Management, v.5 n.3-4, p.221-250, July-October 2004
	Thuong Doan , Steven Demurjian , T. C. Ting , Andreas Ketterl, MAC and UML for secure software design, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA
	Fariborz Farahmand , Shamkant B. Navathe , Gunter P. Sharp , Philip H. Enslow, A Management Perspective on Risk of Security Threats to Information Systems, Information Technology and Management, v.6 n.2-3, p.203-225, April 2005
	Axel Kern , Martin Kuhlmann , Rainer Kuropka , Andreas Ruthert, A meta model for authorisations in application security systems and their integration into RBAC administration, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Shih-Chien Chou, Providing flexible access control to an information flow control model, Journal of Systems and Software, v.73 n.3, p.425-439, November-December 2004
	Hua Wang , Jinli Cao , Yanchun Zhang, A Flexible Payment Scheme and Its Role-Based Access Control, IEEE Transactions on Knowledge and Data Engineering, v.17 n.3, p.425-436, March 2005
	Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Horst F. Wedde , Mario Lischka, Modular authorization and administration, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.363-391, August 2004
	Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
	H. F. Wedde , Mario Lischka, Role-based access control in ambient and remote space, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005
	Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Li Yang , Raimund K. Ege , Huiqun Yu, Mediation security specification and enforcement for heterogeneous databases, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Rafae Bhatti , Elisa Bertino , Arif Ghafoor , James B. D. Joshi, XML-Based Specification for Web Services Document Security, Computer, v.37 n.4, p.41-49, April 2004
	Axel Kern , Claudia Walhorn, Rule support for role-based access control, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Elisa Bertino , Barbara Catania , Maria Luisa Damiani , Paolo Perlasca, GEO-RBAC: a spatially aware RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, SERAT: SEcure role mApping technique for decentralized secure interoperability, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Tine Verhanneman , Frank Piessens , Bart De Win , Wouter Joosen, Requirements traceability to support evolution of access control, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
	Eunjee Song , Raghu Reddy , Robert France , Indrakshi Ray , Geri Georg , Roger Alexander, Verifiable composition of access control and application features, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Radha Jagadeesan , Will Marrero , Corin Pitcher , Vijay Saraswat, Timed constraint programming: a declarative approach to usage control, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.164-175, July 11-13, 2005, Lisbon, Portugal
	Rafae Bhatti , Elisa Bertino , Arif Ghafoor, A Trust-Based Context-Aware Access Control Model for Web-Services, Distributed and Parallel Databases, v.18 n.1, p.83-105, July 2005
	Mirko Viroli , Alessandro Ricci , Andrea Omicini, An organisation infrastructure for Multi-Agent Systems based on Agent Coordination Contexts, Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems, July 25-29, 2005, The Netherlands
	Karsten Sohr , Michael Drouineaud , Gail-Joon Ahn, Formal specification of role-based security policies for clinical information systems, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	G. Navarro , J. Borrell , J. A. Ortega-Ruiz , S. Robles, Access control with safe role assignment for mobile agents, Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems, July 25-29, 2005, The Netherlands
	Gerardo Canfora , Piero Corte , Antonio De Nigro , Debora Desideri , Massimiliano Di Penta , Raffaele Esposito , Amedeo Falanga , Gloria Renna , Rita Scognamiglio , Francesco Torelli , Maria Luisa Villani , Paolo Zampognaro, The C-Cube framework: developing autonomic applications through web services, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, Secure collaboration in mediator-free environments, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Jason Crampton, Understanding and developing role-based administrative models, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Shih-Chien Chou , Chin-Yi Chang, An information flow control model for C applications based on access control lists, Journal of Systems and Software, v.78 n.1, p.84-100, October 2005
	Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005
	Axel Kern , Andreas Schaad , Jonathan Moffett, An administration concept for the enterprise role-based access control model, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Jim Longstaff , Mike Lockyer , John Nicholas, The tees confidentiality model: an authorisation model for identities and roles, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Rafae Bhatti , Basit Shafiq , Elisa Bertino , Arif Ghafoor , James B. D. Joshi, X-gtrbac admin: A decentralized administration model for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.388-423, November 2005
	Ninghui Li , Ziad Bizri , Mahesh V. Tripunitara, On mutually-exclusive roles and separation of duty, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	David Basin , Jürgen Doser , Torsten Lodderstedt, Model driven security: From UML models to access control infrastructures, ACM Transactions on Software Engineering and Methodology (TOSEM), v.15 n.1, p.39-91, January 2006
	Yanhong A. Liu , Chen Wang , Michael Gorbovitski , Tom Rothamel , Yongxi Cheng , Yingchao Zhao , Jing Zhang, Core role-based access control: efficient implementations by transformations, Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, January 09-10, 2006, Charleston, South Carolina
	Sudip Chakraborty , Indrajit Ray, TrustBAC: integrating trust relationships into the RBAC model for access control in open systems, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Chiara Braghin , Daniele Gorla , Vladimiro Sassone, Role-based access control for a distributed calculus, Journal of Computer Security, v.14 n.2, p.113-155, January 2006
	G. Kambourakis , I. Maglogiannis , A. Rouskas, PKI-based secure mobile access to electronic health services and data, Technology and Health Care, v.13 n.6, p.511-526, January 2005
	Shih-Chien Chou , Yuan-Chien Chen, Managing role relationships in an information flow control model, Journal of Systems and Software, v.79 n.4, p.507-522, April 2006
	Vugranam C. Sreedhar, Data-centric security: role analysis and role typestates, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Zude Li , Xiaojun Ye, Towards a dynamic multi-policy dissemination control model: (DMDCON), ACM SIGMOD Record, v.35 n.1, p.33-38, March 2006
	Peng Liu , Zhong Chen, An Access Control Model for Web Services in Business Process, Proceedings of the 2004 IEEE/WIC/ACM International Conference on Web Intelligence, p.292-298, September 20-24, 2004
	Bechara Al Bouna , Richard Chbeir , Stefania Marrara, A multimedia access control language for virtual and ambient intelligence environments, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
	Adriana Compagnoni , Elsa L. Gunter , Philippe Bidinger, Role-based access control for boxed ambients, Theoretical Computer Science, v.398 n.1-3, p.203-216, May, 2008
	Jing Jin , Gail-Joon Ahn, Role-based access management for ad-hoc collaborative sharing, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Jaideep Vaidya , Vijayalakshmi Atluri , Janice Warner, RoleMiner: mining roles using subset enumeration, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Matthew Pirretti , Patrick Traynor , Patrick McDaniel , Brent Waters, Secure attribute-based systems, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Shu Chen , Yu Zhang , Wade Trappe, Inverting sensor networks and actuating the environment for spatio-temporal access control, Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, October 30-30, 2006, Alexandria, Virginia, USA
	Matthias Merz, The management of users, roles, and permissions in JDOSecure, Proceedings of the 4th international symposium on Principles and practice of programming in Java, August 30-September 01, 2006, Mannheim, Germany
	Zhengping Wu , Alfred C. Weaver, Token-based dynamic trust establishment for web services, Proceedings of the 43rd annual southeast regional conference, March 18-20, 2005, Kennesaw, Georgia
	Gabriel López , Oscar Cánovas , Antonio F. Gómez , Jesús D. Jiménez , Rafael Marín, A network access control approach based on the AAA architecture and authorization attributes, Journal of Network and Computer Applications, v.30 n.3, p.900-919, August, 2007
	Celia Li , Cungang Yang , Richard Cheung, Key management for role hierarchy in distributed systems, Journal of Network and Computer Applications, v.30 n.3, p.920-936, August, 2007
	Diala Abi Haidar , Nora Cuppens-Boulahia , Frederic Cuppens , Herve Debar, An extended RBAC profile of XACML, Proceedings of the 3rd ACM workshop on Secure web services, November 03-03, 2006, Alexandria, Virginia, USA
	Ninghui Li , Mahesh V. Tripunitara, Security analysis in role-based access control, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.391-420, November 2006
	Hong Chen , Ninghui Li, Constraint generation for separation of duty, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Ravi Sandhu , Kumar Ranganathan , Xinwen Zhang, Secure information sharing enabled by Trusted Computing and PEI models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Daniele Gorla , Matthew Hennessy , Vladimiro Sassone, Inferring dynamic credentials for rôle-based trust management, Proceedings of the 8th ACM SIGPLAN symposium on Principles and practice of declarative programming, July 10-12, 2006, Venice, Italy
	James B. D. Joshi , Elisa Bertino, Fine-grained role-based delegation in presence of the hybrid role hierarchy, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Maria Luisa Damiani , Elisa Bertino, Architectural issues for a location-aware role-based access control system, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
	Xinwen Zhang , Ravi Sandhu , Francesco Parisi-Presicce, Safety analysis of usage control authorization models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Chaoyi Pang , David Hansen , Anthony Maeder, Managing RBAC states with transitive relations, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Liu Yingbo , Wang Jianmin , Sun Jiaguang, A machine learning approach to semi-automating workflow staff assignment, Proceedings of the 2007 ACM symposium on Applied computing, March 11-15, 2007, Seoul, Korea
	Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo, The role mining problem: finding a minimal descriptive set of roles, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Angelos D. Keromytis , Jonathan M. Smith, Requirements for scalable access control and security management architectures, ACM Transactions on Internet Technology (TOIT), v.7 n.2, p.8-es, May 2007
	Vishwas Patil , Alessandro Mei , Luigi V. Mancini, Addressing interoperability issues in access control models, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Ninghui Li , Ziqing Mao, Administration in role-based access control, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Janice Warner , Vijayalakshmi Atluri , Ravi Mukkamala , Jaideep Vaidya, Using semantics for automatic enforcement of access control policies among dynamic coalitions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Qun Ni , Alberto Trombetta , Elisa Bertino , Jorge Lobo, Privacy-aware role based access control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Wenliang Du , Ronghua Wang, SEED: A Suite of Instructional Laboratories for Computer Security Education, Journal on Educational Resources in Computing (JERIC), v.8 n.1, p.1-24, March 2008
	Stephen Smaldone , Vinod Ganapathy , Liviu Iftode, Working set-based access control for network file systems, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Tom Rothamel , Yanhong A. Liu, Efficient implementation of tuple pattern based retrieval, Proceedings of the 2007 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, January 15-16, 2007, Nice, France
	Maria Luisa Damiani , Elisa Bertino , Barbara Catania , Paolo Perlasca, GEO-RBAC: A spatially aware RBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.1, p.2-es, February 2007
	JuHum Kwon , Chang-Joo Moon, Visual modeling and formal specification of constraints of RBAC using semantic web technology, Knowledge-Based Systems, v.20 n.4, p.350-356, May, 2007
	Halvard Skogsrud , Boualem Benatallah , Fabio Casati , Manh Q. Dinh, Trust-Serv: a lightweight trust negotiation service, Proceedings of the Thirtieth international conference on Very large data bases, p.1329-1332, August 31-September 03, 2004, Toronto, Canada
	Qun Ni , Elisa Bertino , Jorge Lobo, An obligation model bridging access control policies and privacy policies, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Gail-Joon Ahn , Hongxin Hu, Towards realizing a formal RBAC model in real systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Ninghui Li , Mahesh V. Tripunitara , Ziad Bizri, On mutually exclusive roles and separation-of-duty, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.5-es, May 2007
	Dana Zhang , Kotagiri Ramamohanarao , Tim Ebringer, Role engineering using graph optimisation, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Nabil Adam , Ahmet Kozanoglu , Aabhas Paliwal , Basit Shafiq, Secure Information Sharing in a Virtual Multi-Agency Team Environment, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.97-109, July, 2007
	K. Lano, Constraint-driven development, Information and Software Technology, v.50 n.5, p.406-423, April, 2008
	Guangsen Zhang , Manish Parashar, SESAME: Scalable, Environment Sensitive Access Management Engine, Cluster Computing, v.9 n.1, p.19-27, January 2006
	Arif Ghafoor, Distributed multimedia information systems: an end-to-end perspective, Multimedia Tools and Applications, v.33 n.1, p.31-56, April 2007
	V. Page , M. Dixon , I. Choudhury, Security risk mitigation for information systems, BT Technology Journal, v.25 n.1, p.118-127, January 2007
	Kun Wang , Zhenguo Ding , Lihua Zhou, Efficient Access Control in Wireless Network, Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology, p.85-88, December 18-22, 2006
	Tom Goovaerts , Bart De Win , Wouter Joosen, Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.31-43, February, 2008
	Bechara Al Bouna , Richard Chbeir, MC^SE: a multimedia context-based security engine, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Jong P. Yoon, Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents, IEEE Transactions on Knowledge and Data Engineering, v.18 n.7, p.971-987, July 2006
	Hristo Koshutanski , Fabio Massacci, Interactive access control for autonomic systems: From theory to implementation, ACM Transactions on Autonomous and Adaptive Systems (TAAS), v.3 n.3, p.1-31, August 2008
	Mario Frank , David Basin , Joachim M. Buhmann, A class of probabilistic models for role engineering, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	T. Finin , A. Joshi , L. Kagal , J. Niu , R. Sandhu , W. Winsborough , B. Thuraisingham, ROWLBAC: representing role based access control in OWL, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	T. Finin , A. Joshi , L. Kagal , J. Niu , R. Sandhu , W. Winsborough , B. Thuraisingham, ROWLBAC: representing role based access control in OWL, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Devdatta Kulkarni , Anand Tripathi, Context-aware role-based access control in pervasive computing systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Christos K. Georgiadis , Dimitrios Baltatzis , George Pangalos, Secure mobile agent environments: modelling role assignments, International Journal of Electronic Security and Digital Forensics, v.1 n.3, p.249-267, October 2008
	Mayank Keshariya , Ray Hunt, A new architecture for performance-based policy management in heterogeneous wireless networks, Proceedings of the International Conference on Mobile Technology, Applications, and Systems, September 10-12, 2008, Yilan, Taiwan
	Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Nabil Adam, Migrating to optimal RBAC with minimal perturbation, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Yue Zhang , James B. D. Joshi, UAQ: a framework for user authorization query processing in RBAC extended with hybrid hierarchy and constraints, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Gilles Goncalves , Aneta Poniszewska-Maranda, Role engineering: From design to evolution of security schemes, Journal of Systems and Software, v.81 n.8, p.1306-1326, August, 2008
	Ludwig Seitz , Göran Selander , Erik Rissanen , Cao Ling , Babak Sadighi, Decentralized Access Control Management for Network Configuration, Journal of Network and Systems Management, v.16 n.3, p.303-316, September 2008
	Maurizio Lancia , Roberto Puccinelli , Flavio Lombardi, Feasibility and benefits of migrating towards JEE: a real life case, Proceedings of the 5th international symposium on Principles and practice of programming in Java, September 05-07, 2007, Lisboa, Portugal
	Yingbo Liu , Jianmin Wang , Yun Yang , Jiaguang Sun, A semi-automatic approach for workflow staff assignment, Computers in Industry, v.59 n.5, p.463-476, May, 2008
	Tsung-Yi Chen, Knowledge sharing in virtual enterprises via an ontology-based access control approach, Computers in Industry, v.59 n.5, p.502-519, May, 2008
	Mohamed Shehab , Kamal Bhattacharya , Arif Ghafoor, Web services discovery in secure collaboration environments, ACM Transactions on Internet Technology (TOIT), v.8 n.1, p.5-es, November 2007
	Vicente Benjumea , Javier Lopez , Jose M. Troya, Anonymity analysis in credentials-based systems: A formal framework, Computer Standards & Interfaces, v.30 n.4, p.253-261, May, 2008
	Georgios V. Lioudakis , Eleftherios A. Koutsoloukas , Nikolaos L. Dellas , Nikolaos Tselikas , Sofia Kapellaki , George N. Prezerakos , Dimitra I. Kaklamani , Iakovos S. Venieris, A middleware architecture for privacy protection, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.16, p.4679-4696, November, 2007
	M. L. Damiani , E. Bertino , P. Perlasca, Data security in location-aware applications: an approach based on RBAC, International Journal of Information and Computer Security, v.1 n.1/2, p.5-38, January 2007
	Hai Jin , Weizhong Qiang , Xuanhua Shi , Deqing Zou, RB-GACA: an RBAC based grid access control architecture, International Journal of Grid and Utility Computing, v.1 n.1, p.61-70, May 2005
	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, Workflow authorisation in mediator-free environments, International Journal of Security and Networks, v.1 n.1/2, p.2-12, September 2006
	Matthias Merz, Enabling declarative security through the use of Java Data Objects, Science of Computer Programming, v.70 n.2-3, p.208-220, February, 2008
	Sylvia Encheva , Sharil Tumin, Preventing conflict situations during authorization, WSEAS Transactions on Computers, v.7 n.4, p.265-272, April 2008
	Yijun Yu , Haruhiko Kaiya , Hironori Washizaki , Yingfei Xiong , Zhenjiang Hu , Nobukazu Yoshioka, Enforcing a security pattern in stakeholder goal models, Proceedings of the 4th ACM workshop on Quality of protection, October 27-27, 2008, Alexandria, Virginia, USA
	Ninghui Li , Ji-Won Byun , Elisa Bertino, A Critique of the ANSI Standard on Role-Based Access Control, IEEE Security and Privacy, v.5 n.6, p.41-49, November 2007
	Guangsen Zhang , Manish Parashar, Dynamic Context-aware Access Control for Grid Applications, Proceedings of the 4th International Workshop on Grid Computing, p.101, November 17-17, 2003
	Deok Gyu Lee , Jong Hyuk Park , Tai-Hoon Kim , Laurence T. Yang, U-multimedia framework: a secure and intelligent multimedia service framework based on context information in U-home, The Journal of Supercomputing, v.45 n.1, p.88-104, July 2008
	Ji-Won Byun , Ninghui Li, Purpose based access control for privacy protection in relational database systems, The VLDB Journal — The International Journal on Very Large Data Bases, v.17 n.4, p.603-619, July 2008
	Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
	Eduardo B. Fernandez , Günther Pernul, Patterns for session-based access control, Proceedings of the 2006 conference on Pattern languages of programs, October 21-23, 2006, Portland, Oregon
	Dae-Kyoo Kim , Pooja Mehta , Priya Gokhale, Describing access control models as design patterns using roles, Proceedings of the 2006 conference on Pattern languages of programs, October 21-23, 2006, Portland, Oregon
	Qurban Memon , Shakil Akhtar , Alaa A. Aly, Role management in adhoc networks, Proceedings of the 2007 spring simulaiton multiconference, March 25-29, 2007, Norfolk, Virginia
	Mirko Viroli , Andrea Omicini , Alessandro Ricci, INFRASTRUCTURE FOR RBAC-MAS: AN APPROACH BASED ON AGENT COORDINATION CONTEXTS, Applied Artificial Intelligence, v.21 n.4-5, p.443-467, April 2007
	Bechara Al Bouna , Richard Chbeir , Stefania Marrara, Enforcing role based access control model with multimedia signatures, Journal of Systems Architecture: the EUROMICRO Journal, v.55 n.4, p.264-274, April, 2009
	Ioannis Mavridis , Andreas Mattas , Ioannis Pagkalos , Isabella Kotini , Christos Ilioudis, Supporting dynamic administration of RBAC in web-based collaborative applications during run-time, International Journal of Information and Computer Security, v.2 n.4, p.328-352, January 2009
	Zhengping Wu , Alfred C. Weaver, Requirements of federated trust management for service-oriented architectures, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
	David Basin , Manuel Clavel , Jürgen Doser , Marina Egea, Automated analysis of security-design models, Information and Software Technology, v.51 n.5, p.815-831, May, 2009
	Romain Laborde , Michel Kamel , Samer Wazan , Francois Barrere , Abdelmalek Benzekri, A secure collaborative web-based environment for virtual organisations, International Journal of Web Based Communities, v.5 n.2, p.273-292, March 2009
	Steve Barker, The next 700 access control models or a unifying meta-model?, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Achim D. Brucker , Helmut Petritsch, Extending access control models with break-glass, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Xinyu Wang , Jianling Sun , Xiaohu Yang , Chao Huang , Di Wu, Security Violation Detection for RBAC Based Interoperation in Distributed Environment, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1447-1456, May 2008
	Steve Barker , Gill Lowen, Event-oriented Web-based E-trading, Electronic Notes in Theoretical Computer Science (ENTCS), 235, p.35-53, April, 2009
	Steve Barker , Clara Bertolissi , Maribel Fernández, Action Control by Term Rewriting, Electronic Notes in Theoretical Computer Science (ENTCS), 234, p.19-36, March, 2009
	Mahesh V. Tripunitara , Bogdan Carbunar, Efficient access enforcement in distributed role-based access control (RBAC) deployments, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Andreas P. Streich , Mario Frank , David Basin , Joachim M. Buhmann, Multi-assignment clustering for Boolean data, Proceedings of the 26th Annual International Conference on Machine Learning, p.969-976, June 14-18, 2009, Montreal, Quebec, Canada
	Manachai Toahchoodee , Indrakshi Ray , Kyriakos Anastasakis , Geri Georg , Behzad Bordbar, Ensuring spatio-temporal access control for real-world applications, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Juan Manuel Garcia, A specification language for information security policies, Proceedings of the international conference on Computational and information science 2009, p.437-440, April 30-May 02, 2009, Houston, USA
	Jaideep Vaidya , Vijayalakshmi Atluri , Qi Guo , Haibing Lu, Edge-RMP: Minimizing administrative assignments for role-based access control, Journal of Computer Security, v.17 n.2, p.211-235, April 2009