Towards a task-based paradigm for flexible and adaptable access control in distributed applications

Historically, the access control problem has been couched within the framework of subjects, objects, and rights. In this paper we argue for a newer paradigm for distributed and multi-system applications that transcends the subject-object view of access control. This new paradigm views access control and authorization not in terms of individual subjects and objects, but rather in terms of long-lived tasks that need to be authorized and managed in information systems.
