Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies
Authors
Abstract
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various common forms of both of the traditional access control paradigms using the role-based access control (RBAC) models of Sandhu et al., commonly called RBAC96. We see that all of the features of the RBAC96 model are required, and that although for the mandatory access control simulation, only one administrative role needs to be assumed, for the discretionary access control simulations, a complex set of administrative roles is required.
Similar resources
Originator Control in Usage Control
Originator Control is an access control policy that requires recipients to gain originator’s approval for redissemination of disseminated digital object. Originator control policies are one of the generic and key concerns of usage control. Usage control is an emerging concept which encompasses traditional access control and digital rights management solutions. However, current commercial Digita...
Using Security Methods to Enforce Mandatory and Discretionary Access Control in an Object Database
In this paper, we propose a new security enforcement mechanism and demonstrate how this mechanism can enforce policies for both mandatory access control (MAC) and discretionary access control (DAC) in an object database system. Each class may have a security method that can block messages that leave instances of the class, and can block messages directed to instances of the class. Each supercla...
A framework of composable access control features: Preserving separation of access control concerns from models to code
Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is ...
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
Security Enforcement in the DOK Federated Database System
The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well as a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...