Implementing Advanced RBAC Administration Functionality with USE1
نویسندگان
چکیده
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future.
منابع مشابه
Implementing Advanced RBAC Administration Functionality with USE
Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations stil...
متن کاملCore Role Based Access Control (RBAC) mechanism for MySQL
RBAC or Role-Based Access Control is an approach to restrict system access to authorized users and help in implementing a secure access control for larger databases. MySQL is a popular open source relational database management system (RDBMS) which currently implements MAC and DAC access control mechanisms. We extend the access control policies in MySQL by adding the Core RBAC functionality to it.
متن کاملSupport for ANSI RBAC in CORBA
We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language than the CORBA Security specification (CORBASec). Using the configuration definition, we suggest an algorithm that formally specifies the semantics of authorization decisions in CORBA. We analyze supp...
متن کاملInvestigations into the auto-FAT10ylation of the bispecific E2 conjugating enzyme UBA6-specific E2 enzyme 1.
UNLABELLED The cytokine-inducible ubiquitin-like modifier HLA-F adjacent transcript 10 (FAT10) targets its substrates for degradation by the proteasome. FAT10 is conjugated to its substrates via the bispecific, ubiquitin-activating and FAT10-activating enzyme UBA6, the likewise bispecific conjugating enzyme UBA6-specific E2 enzyme 1 (USE1), and possibly E3 ligases. By MS analysis, we found that...
متن کاملA Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard
In this paper we describe a mainframe access control system (DENT) and its associated delegated administration tool (DSAS) that were used in a financial institution for over 20 years to control access to banking transaction products. The first part of this paper describes the design and operation of DENT/DSAS as an example of a long-lived access control system in a financial institution. A stan...
متن کامل