We demonstrate how one can use the formal concept analysis (FCA) to obtain the role hierarchy for the role based access control from the existing access control matrix. We also discuss assesed by means of FCA the quality of security system and finding users with excess permissions.

*) This work is supported by European ESPRIT III, project Nr. 8629. Abstract The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as im...

Access control is important for protecting information integrity in workflow management system (WfMS). Compared to conventional access control technology such as discretionary, mandatory, and role-based access control models, task-role-based access control (TRBAC) model, an access control model based on both tasks and roles, meets more requirements for modern enterprise environments. However, f...

The value of the Internet as a flexible tool for the posting and exchange of information is expressed in the potential it has for governance, commerce, and social interaction. The Internet is symbolic of the digital revolution of the 20th century that changed the packaging and dissemination of electronic information. In politics, the potential of the Internet is perceived to be in e-government....

With discretionary access control (DAC) policies, authorization to perform operations on an object is controlled by the object’s owner or by principals whose authority can be traced back to that owner. The goals of an institution, however, might not align with those of any individual. So for systems intended to support institutions, a more natural basis for authorization is rules set by the ins...

The paper presents revocation schemes in role-based access control models. We are particularly interested in two key issues: how to perform the revocation and how to manage the revocation policy. We show how to deal with these two aspects in our delegation model based on the OrBAC formalism and its administration licence concept. This model provides means to manage several types of of delegatio...

Modern distributed systems tend to be conglomer-ates of heterogeneous subsystems, which have been designed separately, by diierent people, with little, if any, knowledge of each other | and which may be governed by diierent security policies. A single software agent operating within such a system may nd itself interacting with, or even belonging to, several subsystems, and thus be subject to se...

The latest researches on access control model are dramatically different from conventional ones. Nowadays, most attention is paid to accessing across organizational boundaries. So, how to identify the applicant and determine authorization with limited information; how to express and exchange control rules expediently; how to protect confidential information and enhance collaboration simultaneou...