Composed SoD - Uma Proposta para Auxiliar Modelos de Controle de Acesso
Resumo
Uma das principais fontes de ataque ao sistema interno de empresas, ainda são os próprios funcionários. Os modelos de controle de acesso atuais não cobrem grupos organizados de funcionários mal intencionados. Este artigo propõe uma maneira de identificar estes grupos de usuários e verificar suas tarefas executadas e, desta forma, impedir maiores danos a empresa.Referências
Ferraiolo, D. and Kuhn, R. (1992). Role-based access control. In 15th NIST-NCSC National Computer Security Conference, pages 554–563, Gaithersburg, Maryland, United States. National Institute of Standards and Technology.
Joshi, J., Bertino, E., Latif, U., and Ghafoor, A. (2005). A generalized temporal rolebased access control model. In Knowledge and Data Engineering, IEEE Transactions on, page 19, Los Alamitos, CA. IEEE Computer Society Press.
Sandhu, R., Bhamidipati, V., Coyne, E., Ganta, S., and Youman, C. (1997). The ARBAC97 model for role-based administration of roles: Preliminary description and outline. In RBAC ’97: Proceedings of the second ACM workshop on Role-based access control, pages 41–50, New York, NY, USA. ACM Workshop on Role Based Access Control, ACM Press.
Sandhu, R., Ferraiolo, D., and Kuhn, R. (2000). The nist model for role-based access control: towards a unified standard. In RBAC ’00: Proceedings of the fifth ACM workshop on Role-based access control, pages 47–63, New York, NY, USA. ACM workshop on Role-based access control, ACM Press.
Sandhu, R. S. (1996). Rationale for the RBAC96 family of access control models. In RBAC ’95: Proceedings of the first ACM Workshop on Role-based access control, page 9, New York, NY, USA. ACM Workshop on Role-based access control, ACM Press.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., , and Youman, C. E. (1996). Role based access control models. Computer IEEE, 29(2):38–47.
Joshi, J., Bertino, E., Latif, U., and Ghafoor, A. (2005). A generalized temporal rolebased access control model. In Knowledge and Data Engineering, IEEE Transactions on, page 19, Los Alamitos, CA. IEEE Computer Society Press.
Sandhu, R., Bhamidipati, V., Coyne, E., Ganta, S., and Youman, C. (1997). The ARBAC97 model for role-based administration of roles: Preliminary description and outline. In RBAC ’97: Proceedings of the second ACM workshop on Role-based access control, pages 41–50, New York, NY, USA. ACM Workshop on Role Based Access Control, ACM Press.
Sandhu, R., Ferraiolo, D., and Kuhn, R. (2000). The nist model for role-based access control: towards a unified standard. In RBAC ’00: Proceedings of the fifth ACM workshop on Role-based access control, pages 47–63, New York, NY, USA. ACM workshop on Role-based access control, ACM Press.
Sandhu, R. S. (1996). Rationale for the RBAC96 family of access control models. In RBAC ’95: Proceedings of the first ACM Workshop on Role-based access control, page 9, New York, NY, USA. ACM Workshop on Role-based access control, ACM Press.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., , and Youman, C. E. (1996). Role based access control models. Computer IEEE, 29(2):38–47.
Publicado
28/08/2006
Como Citar
SAKAUE, Eduardo; ALMEIDA, Felipe A..
Composed SoD - Uma Proposta para Auxiliar Modelos de Controle de Acesso. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6. , 2006, Santos.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2006
.
p. 290-293.
DOI: https://doi.org/10.5753/sbseg.2006.20958.
