This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual’s personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Bas...

This paper presents a reference architecture (or conceptual framework) for the speci cation and enforcement of role-based access control (RBAC). The architecture has three tiers in loose analogy to the well-known ANSI/SPARC architecture for database systems. (Although we take our inspiration from the database domain, we emphasize that our proposed RBAC architecture is germane to applications an...

Role-Based Access Control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks. Organizational constraints were introduced (e.g.: mutually exclusive roles, cardinality, prerequisite roles) to reflect peculiarities of organizations. Thus, the number of rules is increasing and policies are becoming more and more complex: understanding and analyzi...

Separation of duties (SoD) is a key security requirement for many business and information systems. Role Based Access Controls (RBAC) is a relatively new paradigm for protecting information systems. In the ANSI standard RBAC model both static and dynamic SoD are defined. However, static SoD policies assume that the system has full control over the assignment of all roles to users, whilst dynami...

In this paper, we propose a role-based access control (RBAC) system for the distributed resources in a cyber-physical system. Current identity-based access control systems cause substantial administration overhead for the resource managers in the cyberphysical system because of the direct mapping between individual users and the access privileges on the resources. Our RBAC system uses Shibbolet...

In communication networks, a cognitive network (CN) is a new type of data network which is used to solve some of the problems that face current networks. Cognitive radio (CR) is part of a cognitive network and a smart wireless communication system. CR is conscious of its surrounding environment, and learns from the environment. It adapts its internal states by making corresponding real-time cha...

Role-Based Access Control (RBAC) is a exible and policy-neutral access control technology. For large systems|with hundreds of roles, thousands of users and millions of permissions|managing roles, users, permissions and their interrelationships is a formidable task that cannot realistically be centralized in a small team of security administrators. An appealing possibility is to use RBAC itself ...

Over the last decade there has been tremendous advance in the theory and practice of role-based access control (RBAC). One of the most significant aspects of RBAC can be viewed from its management of permissions on the basis of roles rather than individual users. Consequently, it reduces administrative costs and potential errors. The management of roles in various RBAC implementations, however,...

The day-today operations of corporations and government agencies rely on inter-operating legacy, COTs, databases, clients, servers, etc., which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). Both access control and security assurance within these distributed applications is paramount. Of particular concern is the delegation of authority, ...

i Declaration This thesis is my own account of the research carried out by myself in 2005. Abstract As systems are becoming more interconnected, software is becoming less trustworthy and users are increasingly at greater risk of attack. Most operating systems allow programs to run with the full set of a user's permissions and this can result in malicious code with the ability to act outside of ...