ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Design and implementation of a flexible RBAC-service in an object-oriented scripting language
Full text PdfPdf (177 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 8th ACM conference on Computer and Communications Security table of contents
Philadelphia, PA, USA
Session: Access Control table of contents
Pages: 58 - 67  
Year of Publication: 2001
ISBN:1-58113-385-5
Authors
Gustaf Neumann  Vienna University of Economics and BA, Austria
Mark Strembeck  Vienna University of Economics and BA, Austria
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 62,   Citation Count: 8
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/501983.501992
What is a DOI?

ABSTRACT

In this paper we present the design and implementation of the xorbac component that provides a flexible RBAC service. The xorbac, implementation conforms to level 4a of the unified NIST model for RBAC and can be reused for arbitrary applications on Unix or Windows with a C or Tcl linkage. xorbac runtime elements can be serialized and recreated from RDF data models conforming to a well-defined RDF schema. Furthermore we present our experiences with xorbac for the deployment within the HTTP environment for a web-based mobile code system.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Guy Edjlali , Anurag Acharya , Vipin Chaudhary, History-based access control for mobile code, Proceedings of the 5th ACM conference on Computer and communications security, p.38-48, November 02-05, 1998, San Francisco, California, United States  [doi>10.1145/288090.288102]
 
2
O.Agesen,L.Bak,C.Chambers,B.Chang, U.Hoelzle,J.Maloney,R.Smith,D.Ungar,and M.Wolczko.The SELF 4.0 Programmer's Reference Manual... Sun Microsystems,1995.
3
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
4
John Barkley, Implementing role-based access control using object technology, Proceedings of the first ACM Workshop on Role-based access control, p.20-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270192]
5
Larry S. Bartz, hyperDRIVE: leveraging LDAP to implement RBAC on the Web, Proceedings of the second ACM workshop on Role-based access control, p.69-74, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266759]
6
Daniel G. Bobrow , Linda G. DeMichiel , Richard P. Gabriel , Sonya E. Keene , Gregor Kiczales , David A. Moon, Common Lisp Object System specification, ACM SIGPLAN Notices, v.23 n.SI, p.1-142, September 1988  [doi>10.1145/885631.885632]
 
7
D.Brickley and R.Guha.Resource description framework (RDF)schema speci .cation 1.0. http://www.w3.org/TR/rdf-schema/,March 2000. W3 Consortium Candidate Recommendation.
8
David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999  [doi>10.1145/300830.300834]
 
9
D.Ferraiolo and R.Kuhn.Role-based access controls. In Proc. of the 15th NIST-NCSC National Computer Security Conference October 1992.
 
10
Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
11
Luigi Giuri, Role-based access control on the Web using Java, Proceedings of the fourth ACM workshop on Role-based access control, p.11-18, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319173]
12
Georg Gottlob , Michael Schrefl , Brigitte Röck, Extending object-oriented systems with roles, ACM Transactions on Information Systems (TOIS), v.14 n.3, p.268-296, July 1996  [doi>10.1145/230538.230540]
 
13
Kurt Gutzmann, Access Control and Session Management in the HTTP Environment, IEEE Internet Computing, v.5 n.1, p.26-35, January 2001  [doi>10.1109/4236.895139]
 
14
Bent Bruun Kristensen , Kasper Østerbye, Roles: conceptual abstraction theory and practical language issues, Theory and Practice of Object Systems, v.2 n.3, p.143-160, 1996  [doi>10.1002/(SICI)1096-9942(1996)2:3<143::AID-TAPO2>3.3.CO;2-S]
 
15
O.Lassila and R.R.Swick.Resource description framework (RDF)model and syntax speci .cation. http://www.w3.org/TR/REC-rdf-syntax/,February 1999.W3 Consortium Recommendation.
 
16
Gustaf Neumann , Uwe Zdun, Enhancing Object-Based System Composition through Per-Object Mixins, Proceedings of the Sixth Asia Pacific Software Engineering Conference, p.522, December 07-10, 1999
 
17
G.Neumann and U.Zdun.Implementing object-speci .c design patterns using per-object mixins.In Proc. of Second Nordic Workshop on Software Architecture (NOSA),August 1999.
18
Gustaf Neumann , Uwe Zdun, Towards the usage of dynamic object aggregations as a foundation for composition, Proceedings of the 2000 ACM symposium on Applied computing, p.818-820, March 2000, Como, Italy  [doi>10.1145/338407.338571]
 
19
G.Neumann and U.Zdun.XOTcl,an object-oriented scripting language.In Proc. of Tcl2k: 7th USENIX Tcl/Tk Conference February 2000.
 
20
G.Neumann and U.Zdun.Distributed web application development with active web objects.In Proc. of the 2nd International Conference on Internet Computing June 2001.
21
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
 
22
John K. Ousterhout, Tcl and the Tk toolkit, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1994
 
23
John K. Ousterhout, Scripting: Higher-Level Programming for the 21st Century, Computer, v.31 n.3, p.23-30, March 1998  [doi>10.1109/2.660187]
24
Joon S. Park , Ravi Sandhu, RBAC on the Web by smart certificates, Proceedings of the fourth ACM workshop on Role-based access control, p.1-9, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319172]
 
25
T.Reenskaug,P.Wold,and O.Lehne.Working with objects... Manning Publications,1996.
26
Dirk Riehle , Thomas Gross, Role model based framework design and integration, Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.117-133, October 18-22, 1998, Vancouver, British Columbia, Canada
 
27
P.Samarati and R.Sandhu.Access control:Principles and practice.IEEE Communications 32(9), September 1994.
28
Ravi Sandhu, Roles versus groups, Proceedings of the first ACM Workshop on Role-based access control, p.7-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270163]
 
29
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
30
Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]
 
31
Clemens Szyperski, Component software: beyond object-oriented programming, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1998
 
32
Zahir Tari , Shun-Wu Chan, A Role-Based Access Control for Intranet Security, IEEE Internet Computing, v.1 n.5, p.24-34, September 1997  [doi>10.1109/4236.623965]
 
33
Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
 
34
D.Wetherall and C.Lindblad.Extending Tcl for dynamic object-oriented programming.In Proc. of the Tcl/Tk Workshop 95 July 1995.
 
35
XOTcl homepage.http://www.xotcl.org.

CITED BY  8
Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Susanne Guth , Gustaf Neumann , Mark Strembeck, Experiences with the enforcement of access rights extracted from ODRL-based digital contracts, Proceedings of the 3rd ACM workshop on Digital rights management, October 27-27, 2003, Washington, DC, USA
Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, A role administration system in role-based authorization infrastructures: design and implementation, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
Ernesto Damiani , Sabrina De Capitani di Vimercati , Cristiano Fugazza , Pierangela Samarati, Modality conflicts in semantics aware access control, Proceedings of the 6th international conference on Web engineering, July 11-14, 2006, Palo Alto, California, USA
Uwe Zdun , Mark Strembeck , Gustaf Neumann, Object-based and class-based composition of transitive mixins, Information and Software Technology, v.49 n.8, p.871-891, August, 2007
Carlos Sanchez , Le Gruenwald , Mauricio Sanchez, A Monte Carlo framework to evaluate context based security policies in pervasive mobile environments, Proceedings of the 6th ACM international workshop on Data engineering for wireless and mobile access, June 10-10, 2007, Beijing, China

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.1 Logical Design
          Subjects: Data models

Additional Classification:
  I. Computing Methodologies
  I.6 SIMULATION AND MODELING
      I.6.5 Model Development
          Subjects: Modeling methodologies
  I.7 DOCUMENT AND TEXT PROCESSING
      I.7.2 Document Preparation
          Subjects: Scripting languages


General Terms:
Algorithms, Design, Security


Keywords:
XOTcl, mobile code, object-orientation, role-based access control, scripting language, web-applications

Collaborative Colleagues:
Gustaf Neumann: colleagues
Mark Strembeck: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player