ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A model of OASIS role-based access control and its support for active security
Full text PdfPdf (352 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 ,  Issue 4  (November 2002) table of contents
Pages: 492 - 540  
Year of Publication: 2002
ISSN:1094-9224
Authors
Jean Bacon  University of Cambridge, Cambridge, United Kingdom
Ken Moody  University of Cambridge, Cambridge, United Kingdom
Walt Yao  University of Cambridge, Cambridge, United Kingdom
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 244,   Citation Count: 39
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/581271.581276
What is a DOI?

ABSTRACT

OASIS is a role-based access control architecture for achieving secure interoperation of services in an open, distributed environment. The aim of OASIS is to allow autonomous management domains to specify their own access control policies and to interoperate subject to service level agreements (SLAs). Services define roles and implement formally specified policy to control role activation and service use; users must present the required credentials, in an appropriate context, in order to activate a role or invoke a service. All privileges are derived from roles, which are activated for the duration of a session only. In addition, a role is deactivated immediately if any of the conditions of the membership rule associated with its activation becomes false. These conditions can test the context, thus ensuring active monitoring of security.To support the management of privileges, OASIS introduces appointment. Users in certain roles are authorized to issue other users with appointment certificates, which may be a prerequisite for activating one or more roles. The conditions for activating a role at a service may include appointment certificates as well as prerequisite roles and constraints on the context. An appointment certificate does not therefore convey privileges directly but can be used as a credential for role activation. The lifetime of appointment certificates is not restricted to the issuing session, so they can be used as long-lived credentials to represent academic and professional qualification, or membership of an organization.Role-based access control (RBAC), in associating privileges with roles, provides a means of expressing access control that is scalable to large numbers of principals. However, pure RBAC associates privileges only with roles, whereas applications often require more fine-grained access control. Parametrized roles extend the functionality to meet this need.We motivate our approach and formalise OASIS. We first present the overall architecture through a basic model, followed by an extended model that includes parametrization.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
 
2
Jean Bacon , Michael Lloyd , Ken Moody, Translating Role-Based Access Control Policy within Context, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.107-119, January 29-31, 2001
3
Jean Bacon , Ken Moody, Toward open, secure, widely distributed services, Communications of the ACM, v.45 n.6, June 2002  [doi>10.1145/508448.508475]
 
4
Jean Bacon , Ken Moody , John Bates , Richard Hayton , Chaoying Ma , Andrew McNeil , Oliver Seidel , Mark Spiteri, Generic Support for Distributed Applications, Computer, v.33 n.3, p.68-76, March 2000  [doi>10.1109/2.825698]
 
5
Bacon, J. M., Moody, K., and Yao, W. T. M. 2001b. Access control and trust in the use of widely distributed services. In Middleware 2001. Lecture Notes in Computer Science, vol. 2218. Springer-Verlag, Heidelberg and New York, 300--315.
 
6
Barka, E. and Sandhu, R. S. 2000a. A role-based delegation model and some extensions. In Proceedings of the 23rd National Information Systems Security Conference (NISSC 2000) (Baltimore, Md., Oct. 16--19). See http://csrc.nist.gov/nissc/2000/proceedings/toc.pdf.
 
7
E. Barka , R. Sandhu, Framework for role-based delegation models, Proceedings of the 16th Annual Computer Security Applications Conference, p.168, December 11-15, 2000
 
8
A. Belokosztolszki , K. Moody, Meta-Policies for Distributed Role-Based Access Control Systems, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.106, June 05-07, 2002
 
9
Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, A Temporal Access Control Mechanism for Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.67-80, February 1996  [doi>10.1109/69.485637]
10
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344298]
11
Elisa Bertino , Elena Ferrari , Vijayalakshmi Atluri, A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems, Proceedings of the second ACM workshop on Role-based access control, p.1-12, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266746]
 
12
Biron, P. and Malhotra, A. 2001. XML schema part 2: Datatypes. World Wide Web Consortium (W3C) recommendation 02 May 2001. Available at http://www.w3.org/TR/xmlschema-2/.
 
13
Box, D., Ehnebuske, D., Kakivaya, G., Layman, A., Mendelsohn, N., Nielsen, H. F., Thatte, S., and Winer, D. 2000. Simple Object Access Protocol (SOAP) 1.1. World Wide Web Consortium (W3C) note 08 May 2000. Available at http://www.w3.org/TR/SOAP/.
14
Michael J. Covington , Wende Long , Srividhya Srinivasan , Anind K. Dev , Mustaque Ahamad , Gregory D. Abowd, Securing context-aware applications using environment roles, Proceedings of the sixth ACM symposium on Access control models and technologies, p.10-20, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373258]
 
15
Covington, M. J., Moyer, M. J., and Ahamad, M. 2000. Generalized role-based access control for securing future applications. In Proceedings of the 23rd National Information Systems Security Conference. (NISSC 2000) (Baltimore, Md., Oct. 16--19). See http://csrc.nist.gov/nissc/2000/proceedings/toc.pdf.
 
16
Bruno Crispo, Delegation of Responsibility (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.118-124, April 15-17, 1998
17
David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999  [doi>10.1145/300830.300834]
18
Christos K. Georgiadis , Ioannis Mavridis , George Pangalos , Roshan K. Thomas, Flexible team-based access control using contexts, Proceedings of the sixth ACM symposium on Access control models and technologies, p.21-27, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373259]
19
Luigi Giuri , Pietro Iglio, Role templates for content-based access control, Proceedings of the second ACM workshop on Role-based access control, p.153-159, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266773]
 
20
Gligor, V. D., Gavrila, S., and Ferraiolo, D. 1998. On the formal definition of separation of duty policies and their composition. In Proceedings of 1998 IEEE Symposium on Security and Privacy (Oakland, Calif., May 3--6). IEEE Computer Society Press, Los Alamitos, Calif., 172--183.
 
21
Gong, L. 1989. A secure identity-based capability system. In Proceedings of 1989 IEEE Symposium on Security and Privacy (Oakland, Calif., May). IEEE Computer Society Press, Los Alamitos, Calif., 56--63.
 
22
Hayton, R. J., Bacon, J., and Moody, K. 1998. OASIS: Access control in an open, distributed environment. In Proceedings of 1998 IEEE Symposium on Security and Privacy (Oakland, Calif., May 3--6). IEEE Computer Society Press, Los Alamitos, Calif., 3--14.
 
23
John A. Hine , Walt Yao , Jean Bacon , Ken Moody, An architecture for distributed OASIS services, IFIP/ACM International Conference on Distributed systems platforms, p.104-120, April 03-07, 2000, New York, New York, United States
24
Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
 
25
Savith Kandala , Ravi Sandhu, Secure role-based workflow models, Proceedings of the fifteenth annual working conference on Database and application security, p.45-58, July 15-18, 2001, Niagara, Ontario, Canada
26
D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266749]
 
27
Bruce Momjian, PostgreSQL: introduction and concepts, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2001
 
28
Matunda Nyanchama , Sylvia L. Osborn, Access Rights Administration in Role-Based Security Systems, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.37-56, August 23-26, 1994
29
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
30
Sejong Oh , Ravi Sandhu, A model for role administration using organization structure, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507737]
 
31
Saltzer, J. H. and Schroeder, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (Sept.), 1278--1308.
32
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
33
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
34
Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997
35
Roshan K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, p.13-19, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266748]
 
36
Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
 
37
Thompson, H. S., Beech, D., Maloney, M., and Mendelsohn, N. 2001. XML Schema Part 1: Structures. World Wide Web Consortium (W3C) recommendation 02 May 2001. Available at http://www.w3.org/TR/xmlschema-1/.
38
Weigang Wang, Team-and-role-based organizational context and access control for cooperative hypermedia environments, Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots, p.37-46, February 21-25, 1999, Darmstadt, Germany  [doi>10.1145/294469.294480]
39
Walt Yao , Ken Moody , Jean Bacon, A model of OASIS role-based access control and its support for active security, Proceedings of the sixth ACM symposium on Access control models and technologies, p.171-181, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373294]

CITED BY  39
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
Jean Bacon , Ken Moody, Toward open, secure, widely distributed services, Communications of the ACM, v.45 n.6, June 2002
Jean Bacon , Ken Moody , Walt Yao, Access control and trust in the use of widely distributed services, Software—Practice & Experience, v.33 n.4, p.375-394, 10 April 2003
Patrick McDaniel, On context in authorization policy, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Tanvir Ahmed , Anand R. Tripathi, Static verification of security requirements in role based CSCW systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
András Belokosztolszki , David M. Eyers , Peter R. Pietzuch , Jean Bacon , Ken Moody, Role-based access control for publish/subscribe middleware architectures, Proceedings of the 2nd international workshop on Distributed event-based systems, June 08-08, 2003, San Diego, California
Steve Neely , Helen Lowe , David Eyers , Jean Bacon , Julian Newman , Xiaofeng Gong, An architecture for supporting vicarious learning in a distributed environment, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
Robert E. McGrath , M. Dennis Mickunas, Dynamic personal roles for ubiquitous computing, Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, October 26-30, 2003, Anaheim, CA, USA
Xuhui Ao , Naftaly H. Minsky, On the role of roles: from role-based to role-sensitive access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Rafae Bhatti , James Joshi , Elisa Bertino , Arif Ghafoor, X-GTRBAC admin: a decentralized administration model for enterprise wide access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Nathan Dimmock , András Belokosztolszki , David Eyers , Jean Bacon , Ken Moody, Using trust and risk in role-based access control policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005
Victoria Ungureanu, Efficient support for enterprise delegation policies, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Raman Adaikkalavan , Sharma Chakravarthy, SmartGate: a smart push-pull approach to support role-based security in web gateways, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005
Trent Jaeger , Xiaolan Zhang , Fidel Cacheda, Policy management using access control spaces, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.327-364, August 2003
Rafae Bhatti , Basit Shafiq , Elisa Bertino , Arif Ghafoor , James B. D. Joshi, X-gtrbac admin: A decentralized administration model for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.388-423, November 2005
Jacques Wainer , Akhil Kumar , Paulo Barthelmess, DW-RBAC: A formal security model of delegation and revocation in workflow systems, Information Systems, v.32 n.3, p.365-384, May, 2007
Steve Barker, Action-status access control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Janice Warner , Vijayalakshmi Atluri , Ravi Mukkamala , Jaideep Vaidya, Using semantics for automatic enforcement of access control policies among dynamic coalitions, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Adam J. Lee , Kazuhiro Minami , Marianne Winslett, Lightweight cnsistency enforcement schemes for distributed proofs with hidden subtrees, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Tsung-Yi Chen , Yuh-Min Chen, Advanced multi-phase trust evaluation model for collaboration between coworkers in dynamic virtual project teams, Expert Systems with Applications: An International Journal, v.36 n.8, p.11172-11185, October, 2009
Tanvir Ahmed , Anand R. Tripathi, Specification and verification of security requirements in a programming model for decentralized CSCW systems, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.7-es, May 2007
Gail-Joon Ahn , Hongxin Hu, Towards realizing a formal RBAC model in real systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Tsung-Yi Chen , Yuh-Min Chen , Hui-Chuan Chu, Developing a trust evaluation method between co-workers in virtual project team for enabling resource sharing and collaboration, Computers in Industry, v.59 n.6, p.565-579, August, 2008
T. -Y. Chen , Y. -M. Chen , H. -C. Chu , C. -B. Wang, Distributed access control architecture and model for supporting collaboration and concurrency in dynamic virtual enterprises, International Journal of Computer Integrated Manufacturing, v.21 n.3, p.301-324, April 2008
Devdatta Kulkarni , Anand Tripathi, Context-aware role-based access control in pervasive computing systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Tsung-Yi Chen, Knowledge sharing in virtual enterprises via an ontology-based access control approach, Computers in Industry, v.59 n.5, p.502-519, May, 2008
Jatinder Singh , David M. Eyers , Jean Bacon, Credential management in event-driven healthcare systems, Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion, December 01-05, 2008, Leuven, Belgium
Jean Bacon , David M. Eyers , Jatinder Singh , Peter R. Pietzuch, Access control in publish/subscribe systems, Proceedings of the second international conference on Distributed event-based systems, July 01-04, 2008, Rome, Italy
Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
Peter C. Chapin , Christian Skalka , X. Sean Wang, Authorization in trust management: Features and foundations, ACM Computing Surveys (CSUR), v.40 n.3, p.1-48, August 2008
Rakesh Bobba , Himanshu Khurana , Musab AlTurki , Farhana Ashraf, PBES: a policy based encryption system with application to data sharing in the power grid, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Tsung-Yi Chen , Yuh-Min Chen , Chin-Bin Wang , Hui-Chuan Chu, Flexible authorisation in dynamic e-business environments using an organisation structure-based access control model, International Journal of Computer Integrated Manufacturing, v.22 n.3, p.225-244, March 2009
Jean Bacon , David Eyers , Ken Moody , Lauri Pesonen, Securing publish/subscribe for multi-domain systems, Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware, p.1-20, November 01-01, 2005, Grenoble, France
Yuqing Sun , Bin Gong , Xiangxu Meng , Zongkai Lin , Elisa Bertino, Specification and enforcement of flexible security policy for active cooperation, Information Sciences: an International Journal, v.179 n.15, p.2629-2642, July, 2009
Juan Manuel Garcia, A specification language for information security policies, Proceedings of the international conference on Computational and information science 2009, p.437-440, April 30-May 02, 2009, Houston, USA
Li Yang , Alma Cemerlic, Integrating Dirichlet reputation into usage control, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, April 13-15, 2009, Oak Ridge, Tennessee

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems

  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls
      D.4.7 Organization and Design
          Subjects: Distributed systems


General Terms:
Design, Management, Security, Theory


Keywords:
Certificates, OASIS, RBAC, distributed systems, policy, role-based access control, service-level agreements

Collaborative Colleagues:
Jean Bacon: colleagues
Ken Moody: colleagues
Walt Yao: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player