On permissions, inheritance and role hierarchies

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On permissions, inheritance and role hierarchies

Full text

Pdf (199 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 10th ACM conference on Computer and communications security table of contents

Washington D.C., USA

SESSION: Access control table of contents

Pages: 85 - 92

Year of Publication: 2003

ISBN:1-58113-738-9

Author

Jason Crampton

University of London, United Kingdom

Sponsor

ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 75, Citation Count: 10

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/948109.948123 What is a DOI?

ABSTRACT

Role-based access control and role hierarchies have generated considerable research activity in recent years.In many role-based models the role hierarchy partially determines which roles and permissions are available to users via various inheritance mechanisms.In this paper, we consider the nature of permissions more closely than is customary in the literature and propose a particular structure for permissions.We then introduce a role-based access control model that contains a novel approach to permission inheritance and illustrate how this model can be used to derive a role-based model with multi-level secure properties.We also consider the issue of redundant and consistent permission-role assignments and describe how such assignments can be avoided.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Bell, D., and LaPadula, L. Secure computer systems: Unified exposition and Multics interpretation. Tech. Rep. MTR-2997, Mitre Corporation, Bedford, Massachusetts, 1976.
	2	Jason Crampton , George Loizou, Administrative scope: A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.201-231, May 2003 [doi>10.1145/762476.762478]
	3	Davey, B., and Priestley, H. Introduction to Lattices and Order. Cambridge University Press, Cambridge, United Kingdom, 1990.
	4	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	5	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	6	Serban I. Gavrila , John F. Barkley, Formal specification for role based access control user/role and role/role relationship management, Proceedings of the third ACM workshop on Role-based access control, p.81-90, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286902]
	7	Cheh Goh , Adrian Baldwin, Towards a more complete model of role, Proceedings of the third ACM workshop on Role-based access control, p.55-62, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286898]
	8	D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States [doi>10.1145/266741.266749]
	9	D. Richard Kuhn, Role based access control on MLS systems without kernel changes, Proceedings of the third ACM workshop on Role-based access control, p.25-32, October 22-23, 1998, Fairfax, Virginia, United States [doi>10.1145/286884.286890]
	10	McLean, J. Security models. In Encyclopedia of Software Engineering, J. Marciniak, Ed. John Wiley & Sons, 1994.
	11	Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319186]
	12	Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999 [doi>10.1145/300830.300832]
	13	Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000 [doi>10.1145/354876.354878]
	14	Ravi S. Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.65-79, September 25-27, 1996
	15	Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999 [doi>10.1145/300830.300839]
	16	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]

CITED BY 10

	Adam Barth , John C. Mitchell, Enterprise privacy promises and enforcement, Proceedings of the 2005 workshop on Issues in the theory of security, p.58-66, January 10-11, 2005, Long Beach, California
	Mikhail J. Atallah , Keith B. Frikken , Marina Blanton, Dynamic and efficient key management for access hierarchies, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, Secure collaboration in mediator-free environments, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Chaoyi Pang , David Hansen , Anthony Maeder, Managing RBAC states with transitive relations, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Liang Chen , Jason Crampton, Inter-domain role mapping and least privilege, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Quan Pham , Jason Reid , Adrian McCullagh , Ed Dawson, Commitment issues in delegation process, Proceedings of the sixth Australasian conference on Information security, January 01-01, 2008, Wollongong, NSW, Australia
	Xukai Zou , Yogesh Karandikar , Elisa Bertino, A dynamic key management solution to access hierarchy, International Journal of Network Management, v.17 n.6, p.437-450, November 2007
	Mohamed Shehab , Kamal Bhattacharya , Arif Ghafoor, Web services discovery in secure collaboration environments, ACM Transactions on Internet Technology (TOIT), v.8 n.1, p.5-es, November 2007
	Mohamed Shehab , Elisa Bertino , Arif Ghafoor, Workflow authorisation in mediator-free environments, International Journal of Security and Networks, v.1 n.1/2, p.2-12, September 2006
	Mikhail J. Atallah , Marina Blanton , Nelly Fazio , Keith B. Frikken, Dynamic and Efficient Key Management for Access Hierarchies, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-43, January 2009