Extensions to the RBAC Constraints Model to Support UCONABC Obligations (Extensões ao Modelo RBAC de Restrições para suportar Obrigações do UCONABC)

  • Edemilson S. Silva PUCPR
  • Altair O. Santin PUCPR
  • Edgard Jamhour PUCPR
  • Carlos A. Maziero PUCPR
  • Emir Toktar University of Paris VI

Abstract

This work proposes an extension to the Role-Based Access Control (RBAC) model to support activities that demand mutability of their authorization attributes at runtime. Such activities cannot be subdivided into a set of subtasks executed sequentially, nor can they be accomplished by a single role. The approach allows the creation of a quorum role, which can only be activated in a session with the endorsement of a quorum of other roles. A prototype illustrates the application of the proposal in a network management scenario. In the illustrative scenario, a previously defined set of roles activates, by endorsement, a quorum role to perform a management task without the participation of the network administrator role.
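The quorum-role idea from the abstract, sketched as an added example; this is not the paper's prototype or the authors' code. The class names, the threshold counted over distinct endorsing roles, the one-endorsement-per-user rule, the ban on self-endorsement and the single-use endorsements are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class QuorumRole:
    name: str
    endorser_roles: frozenset  # predefined roles allowed to endorse (assumed names)
    quorum: int                # number of distinct endorsing roles required

@dataclass
class Session:
    sid: str
    user: str
    active_roles: set = field(default_factory=set)

class QuorumRbac:
    def __init__(self, user_roles, quorum_roles):
        self.user_roles = user_roles  # user -> ordinary roles assigned to that user
        self.quorum_roles = {q.name: q for q in quorum_roles}
        self.pending = {}             # (sid, quorum role) -> {endorsing role: user}

    def activate(self, session, role):
        # Ordinary activation; a quorum role can never be activated this way.
        if role in self.quorum_roles or role not in self.user_roles.get(session.user, ()):
            return False
        session.active_roles.add(role)
        return True

    def endorse(self, endorser, target, qname):
        # An endorsement counts only if it comes from another user whose session
        # has one of the predefined endorser roles active and not yet counted.
        q = self.quorum_roles[qname]
        slot = self.pending.setdefault((target.sid, qname), {})
        if endorser.user == target.user or endorser.user in slot.values():
            return False
        free = sorted((endorser.active_roles & q.endorser_roles).difference(slot))
        if not free:
            return False
        slot[free[0]] = endorser.user
        return True

    def activate_quorum_role(self, session, qname):
        # Grant the quorum role only once the threshold of distinct roles is met;
        # endorsements are consumed so they cannot be replayed in a later session.
        q = self.quorum_roles[qname]
        if len(self.pending.get((session.sid, qname), {})) < q.quorum:
            return False
        del self.pending[(session.sid, qname)]
        session.active_roles.add(qname)
        return True
```

In a network management setting like the one the abstract mentions, the endorser set would hold roles other than the network administrator, so the management task can proceed once the quorum is reached without that role taking part.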

Published
2007-08-27
How to Cite
SILVA, Edemilson S. et al. Extensões ao Modelo RBAC de Restrições para suportar Obrigações do UCONABC. Proceedings of the Brazilian Symposium on Information and Computational Systems Security (SBSeg), [S.l.], p. 232-244, aug. 2007. ISSN 0000-0000. Available at: <https://sol.sbc.org.br/index.php/sbseg/article/view/20930>. Date accessed: 18 may 2024. doi: https://doi.org/10.5753/sbseg.2007.20930.
