论文信息 - Specification and classification of role-based authorization policies

Specification and classification of role-based authorization policies

Constraints are an important aspect of role-based access control (RBAC). Although the importance of constraints in RBAC has been recognized for a long time, they have not received much attention. In this paper we classify RBAC constraints into two major classes called prohibition constraints and obligation constraints. To specify these constraints, we utilize a formal language, named RCL2000. In this paper we show that prohibition, cardinality, and obligation constraints can be also represented in RCL2000.

Gail-Joon Ahn | Gail-Joon Ahn

[1] David F. Ferraiolo,et al. On the formal definition of separation-of-duty policies and their composition , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[2] Gail-Joon Ahn,et al. Role-based authorization constraints specification , 2000, TSEC.

[3] Gail-Joon Ahn,et al. The RSL99 language for role-based separation of duty constraints , 1999, RBAC '99.

[4] Fang Chen,et al. Constraints for role-based access control , 1996, RBAC '95.

[5] Pietro Iglio,et al. A formal model for role-based access control with constraints , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[6] Ravi S. Sandhu. Role Hierarchies and Constraints for Lattice-Based Access Controls , 1996, ESORICS.

[7] Ravi S. Sandhu,et al. How to do discretionary access control using roles , 1998, RBAC '98.

[8] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[9] D. Richard Kuhn,et al. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems , 1997, RBAC '97.