Modeling role-based access control using a relational database tool

Traditional access control schemes have certain inherent weaknesses. As a promising alternative to traditional access control schemes, role-based access control has received special attention for its unique flexibility. In this paper, we use a database tool called WinRDBI to study the behavior of a role-based access control model. A detailed discussion of the role-based access control behaviors and policies is then presented.

[1]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[2]  Ninghui Li,et al.  On mutually-exclusive roles and separation of duty , 2004, CCS '04.

[3]  Ninghui Li,et al.  Towards Formal Verification of Role-Based Access Control Policies , 2008, IEEE Transactions on Dependable and Secure Computing.

[4]  Ramaswamy Chandramouli,et al.  Role-Based Access Control Features in Commercial Database Management Systems , 1998 .

[5]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[6]  Mark Strembeck,et al.  An integrated approach to engineer and enforce context constraints in RBAC environments , 2004, TSEC.

[7]  Axel Kern,et al.  Advanced features for enterprise-wide role-based access control , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[8]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[9]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[10]  D. Richard Kuhn,et al.  A role-based access control model and reference implementation within a corporate intranet , 1999, TSEC.

[11]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[12]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[13]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[14]  Suzanne W. Dietrich Understanding Relational Database Query Languages , 2001 .

[15]  Mark Strembeck,et al.  Design and implementation of a flexible RBAC-service in an object-oriented scripting language , 2001, CCS '01.

[16]  Roland Awischus,et al.  Role based access control with the security administration manager (SAM) , 1997, RBAC '97.

[17]  C. R. Ramakrishnan,et al.  Policy Analysis for Administrative Role Based Access Control , 2006, CSFW.