Discretionary Overriding of Access Control in the Privilege Calculus
Authors
Abstract
We extend a particular access control framework, the Privilege Calculus, with the possibility of overriding denied access, for increased flexibility in hard-to-define or unanticipated situations. We require overrides to be audited and approved by appropriate managers. To automatically find the authorities who are able to approve an override, we present an algorithm for authority resolution. We are able to calculate from the access control policy who can approve an override, without the need for any additional information.
Similar resources
Role-based Security
User role-based protection presents a flexible (hence adaptive) means for enforcing differing ranges of security policies. It can emulate both mandatory and discretionary access control modes of protection. Role-based protection enforces the principle of least privilege, hence minimizing the risk of Trojan horse attacks. This paper offers a glimpse into the strengths (and some weaknesses) of role-bas...
A Framework for Secure, Obligated, Coordinated and Dynamic Collaboration that Extends NIST RBAC
There has been a long history of security and access control models, from both a research perspective, and as realized in working systems. The three dominant models are: mandatory access control, MAC [Bell, 1975], discretionary access control, DAC [Linn, 1999], and role-based access control, RBAC [Sandhu, 1996]. In MAC [Bell, 1975], security levels (SL’s) such as unclassified (U), confidential ...
A type system for Discretionary Access Control
Discretionary Access Control (DAC) systems provide powerful resource management mechanisms based on the selective distribution of capabilities to selected classes of principals. We study a type-based theory of DAC models for a process calculus that extends Cardelli, Ghelli and Gordon’s pi-calculus with groups (Cardelli et al., 2005). In our theory, groups play the rôle of principals, the unit o...
Role-Based Access Control (RBAC) Based in Hospital Management
A key issue in any information security is to protect information about all forms against unauthorized access. Innovation access control model is now becoming a need for application on systems due to emerging acts. Role based access control (RBAC) is a feasible alternative to traditional Discretionary Access Control (DAC) and Mandatory Access Control (MAC). RBAC has been presented to be cost op...
Protecting User Files by Reducing Application Access
Traditional discretionary access control mechanisms do not differentiate between a user’s running applications–hence they provide no means of preventing one application from exploiting another’s data. Commercial mandatory access control mechanisms such as SELinux and AppArmor aim to protect system files, but do little to prevent similar misuse of user data. This paper presents the PinUP access ...