The application of security policy to role-based access control and the common data security architecture

In this paper, the approaches to introducing security policy into Role-Based Access Control (RBAC) and the Common Data Security Architecture (CDSA) are proposed. We apply security policy to a role's privileges in RBAC. An extended RBAC using PKI and role-assignment policy is described. The improved CDSA supports user-definable trust policy enforcement using trust policy description files. A policy-based CDSA is also presented. Furthermore, a role definition language is given, and a policy representation language is discussed.

[1]  Jan Vitek,et al.  Secure Internet Programming: Security Issues for Mobile and Distributed Objects , 1999 .

[2]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[3]  John F. Barkley,et al.  Implementing role-based access control using object technology , 1996, RBAC '95.

[4]  Amir Herzberg,et al.  Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[6]  Joan Feigenbaum,et al.  A logic-based knowledge representation for authorization with delegation , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[7]  Fabio Massacci,et al.  Reasoning About Security: A Logic and a Decision Method for Role-Based Access Control , 1997, ECSQARU-FAPR.

[8]  Marianne Winslett,et al.  Internet Credential Acceptance Policies , 1997, APPIA-GULP-PRODE.

[9]  Joan Feigenbaum,et al.  REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[10]  D. Richard Kuhn,et al.  Future directions in role-based access control , 1996, RBAC '95.

[11]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[12]  Pietro Iglio,et al.  A formal model for role-based access control with constraints , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[13]  R.W. Baldwin,et al.  Naming and grouping privileges to simplify security management in large databases , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[14]  William E. Johnston,et al.  Authorization and attribute certificates for widely distributed access control , 1998, Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253).

[15]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[16]  Marianne Winslett,et al.  Using Digital Credentials on the World Wide Web , 1997, J. Comput. Secur..

[17]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[18]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[19]  Joan Feigenbaum,et al.  The Role of Trust Management in Distributed Systems Security , 2001, Secure Internet Programming.