论文信息 - A policy based role framework for access control

A policy based role framework for access control

We outline a framework for specifying management roles which defines both authorisation and obligation policies for a particular management position. The policies define a relationship between a subject (manager) domain and a target domain in terms of activities permitted or forbidden, which must be or must not be performed. Policies grouped within a role refer to the same subject domain and propagate to the managers assigned to the roles. We cater for both human and automated managers and include interactions and concurrency constraints to specify aspects of the inter-role relationships in our framework. The paper presents the role based management framework and explains the concepts of policy based roles, then briefly describes the implementation of access control based on domain membership.

[1] B. Biddle,et al. Role Theory: Concepts and Research , 1966 .

[2] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[3] Morris Sloman,et al. User and mechanism views of distributed systems management , 1993, Distributed Syst. Eng..

[4] Sylvia L. Osborn,et al. Access Rights Administration in Role-Based Security Systems , 1994, DBSec.

[5] Damian A. Marriott,et al. Management policy service for distributed systems , 1996, Proceedings of Third International Workshop on Services in Distributed and Networked Environments.

[6] Morris Sloman,et al. Policy Conflict Analysis in Distributed System Management , 1994 .

[7] B. Singh,et al. The grand challenge: building evolutionary technologies , 1993, [1993] Proceedings of the Twenty-sixth Hawaii International Conference on System Sciences.

[8] Emil C. Lupu,et al. AN APPROACH TO ROLE BASED MANAGEMENT FOR DISTRIBUTED SYSTEMS , 1995 .

[9] Morris Sloman,et al. An authentication service supporting domain-based access control policies , 1996, SEC.

[10] Morris Sloman,et al. A Security Framework Supporting Domain Based Access Control in Distributed Systems , 1996, NDSS.

[11] Morris Sloman,et al. GEM: a generalized event monitoring language for distributed systems , 1997, Distributed Syst. Eng..