Abstract |
---|
Many RBAC models have augmented the fundamental requirement of a role abstraction with features such as parameterised roles and environment-aware policy. We examine the potential for unintentional leakage of information during RBAC policy enforcement, either through the exchange of parameters with external services when checking environmental conditions, or through a policy design which does not appropriately separate policy subsections with different basic purposes. We propose a simple, robust mechanism for handling these problems, and illustrate our approach with a current application of our OASIS RBAC system. |
Year | DOI | Venue |
---|---|---|
2003 | 10.1109/POLICY.2003.1206964 | POLICY |
Keywords | Field | DocType |
---|---|---|
oasis rbac system,different basic purpose,environment-aware policy,parameterised rbac,checking environmental condition,policy design which,current application,policy contexts,controlling information flow,information during rbac policy enforcement,separate policy subsections with,external service,rbac model,formal specification,robust control,access control,role based access control,information flow,control systems,xml,authorization,authorisation,security | Information flow (information theory),Abstraction,XML,Computer security,Computer science,Authorization,Role-based access control,Formal specification,Policy enforcement,Policy design | Conference |
ISBN | Citations | PageRank |
---|---|---|
0-7695-1933-4 | 15 | 0.91 |
References | Authors |
---|---|
13 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
András Belokosztolszki | 1 | 137 | 7.00 |
David M. Eyers | 2 | 477 | 45.90 |
Ken Moody | 3 | 935 | 85.75 |