论文信息 - Role Based Security

Role Based Security

User role-based protection presents a exible (hence adaptive) means for enforcing diering ranges of security policies. It can emulate both mandatory and discretionary access control modes of protection. Role-based protection enforces the principle of least privilege, hence minimizing the risk of Trojan horse attacks. This paper oers a glimpse into the strengths (and some weaknesses) of role-based protection, the structures for its enforcement and pointers to the direction for future research.

Sylvia Osborn | Matunda Nyanchama

[1] Sylvia Osborn,et al. Orthogonal Views in Object Oriented Database Security , 1991 .

[2] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.

[3] Theodore A. Linden. Operating System Structures to Support Security and Reliable Software , 1976, CSUR.

[4] Ravi S. Sandhu,et al. The NTree: a two dimension partial order for protection groups , 1988, TOCS.

[5] Maurice Nivat,et al. APPLICATION OF FORMAL LANGUAGE THEORY TO PROBLEMS OF SECURITY AND SYNCHRONIZATION , 1980 .

[6] Dan Thomsen,et al. Role-Based Application Design and Enforcement , 1990, Database Security.

[7] Ravi S. Sandhu,et al. Separation of Duties in Computerized Information Systems , 1990, DBSec.

[8] David D. Clark,et al. A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[9] T. C. Ting,et al. Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model , 1991, DBSec.

[10] E. V. Krishnamurthy,et al. On the design and administration of secure database transactions , 1992, SGSC.

[11] Won Kim,et al. A Model of Authorization for Object-Oriented and Semantic Databases , 1988, EDBT.

[12] Ravi S. Sandhu,et al. Recognizing Immediacy in an N-Tree Hierarchy and Its Application to Protection Groups , 1989, IEEE Trans. Software Eng..