We describe a new design for authentication and access control. In this design, principals embody a flexible notion of authentication. They are compound principals that reflect the identities of the programs that have executed, even those of login programs. These identities are based on a naming tree. Our access control lists are patterns that recognize principals. We show how this design suppo...

tüe believe that access controls for object-oriented systems should be fine-grained and thus apply to individual methods of individual objects. The efficient support of fine-grained access control is challenging because a check is done on every method invo-cation. rüe present a design that uses access control lists (ACLs) and exploits virtual memory facilities to make these checks run fast. The...

Role-based access control (RBAC) and attribute-based access control (ABAC) are currently the most prominent access control models. However, they both suffer from limitations and have features complimentary to each other. Due to this fact, integration of RBAC and ABAC has become a hot area of research recently. We propose an access control model that combines the two models in a novel way in ord...

Among access control models, Role-Based Access Control (RBAC) is very useful and is used in many computer systems. Static Combination of Duty (SCD) and Dynamic Combination of Duty (DCD) constraints have been introduced recently for this model to handle dependent roles. These roles must be used together and can be considered as a contrary point of conflicting roles. In this paper, we propose sev...

This paper describes a simplified and corrected specification of role-based access control (RBAC) based on the specification in the ANSI standard for RBAC. The simplifications and corrections were made while following a systematic method for deriving efficient implementations from straightforward implementations of clear specifications. The method allows specifications to be written clearly wit...

A temporarily-spatially constrained model based on TRBAC (Task-Role Based Access Control) is proposed in workflow system. Temporary and spatial Constraint is that user is not only constrained by temporality, but also constrained by spatiality when user executes the task. The model suggests that a property of security level should be increased in task. The newly increased property can make the w...

The secure interaction between two or more administrative domains is a major concern. We examine the issues of secure interoperability between two security domains operating under the Role Based Access Control (RBAC) Model. We propose a model that quickly establishes a exible policy for dynamic role translation. The role hierarchies of the local and foreign domains can be manipulated through ou...

This paper describes a corrected and simplified specification of role-based access control (RBAC) based on the specification in the ANSI standard for RBAC. We give a complete specification of core RBAC, explaining the methodology we used in developing it; we then give a complete specification of hierarchical RBAC, with an additional option for managing the relationship on roles; and we also des...