Role-based security: pros, cons, & some research directions

User role-based protection presents a flexible (and hence adaptive) means of enforcing a wide range of security policies. It can emulate both the mandatory and the discretionary modes of access control. Role-based protection enforces the principle of least privilege, thereby minimizing the risk of Trojan horse attacks. This paper offers a glimpse into the strengths (and some weaknesses) of role-based protection, the structures for its enforcement, and pointers to directions for future research.
