ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Information flow analysis of an RBAC system
Full text PdfPdf (153 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the seventh ACM symposium on Access control models and technologies table of contents
Monterey, California, USA
SESSION: Role Administration table of contents
Pages: 163 - 168  
Year of Publication: 2002
ISBN:1-58113-496-7
Author
Sylvia L. Osborn  The University of Western Ontario, London, Ontario, Canada
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 42,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/507711.507738
What is a DOI?

ABSTRACT

Role-based access control provides a very flexible set of mechanisms for managing the access control of a complex system with many users, objects and applications. In our previous research, we have shown how, given a role graph and security labels for objects, one can test whether or not the system satisfies properties for lattice-based access control. In this paper we give a general mapping, which takes an arbitrary role graph and produces another graph which shows the information flow that can result from the roles defined in the role graph. An extension builds the information flow graph taking user assignments and sessions into account.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
2
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
3
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
 
4
Fausto Rabitti , Darrell Woelk , Won Kim, A Model of Authorization for Object-Oriented and Semantic Databases, Proceedings of the International Conference on Extending Database Technology: Advances in Database Technology, p.231-250, March 14-18, 1988
 
5
Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993  [doi>10.1109/2.241422]
6
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
7
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]

CITED BY  4
Tanvir Ahmed , Anand R. Tripathi, Static verification of security requirements in role based CSCW systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Joerg Abendroth , Christian D. Jensen, Partial outsourcing: a new paradigm for access control, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Thuong Doan , Steven Demurjian , T. C. Ting , Andreas Ketterl, MAC and UML for secure software design, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA
Tanvir Ahmed , Anand R. Tripathi, Specification and verification of security requirements in a programming model for decentralized CSCW systems, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.7-es, May 2007

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Information flow controls


General Terms:
Algorithms, Security


Keywords:
mandatory access control, role graphs, role-based access control

Collaborative Colleagues:
Sylvia L. Osborn: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player