National Computer Security Center, "Integrity in Automated information System", C Technical Report 79-91, Library No. S237,254, September 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....it from happening. RBAC is group oriented because it relies on the assignment of subjects to roles. Each role has the ability to perform a certain subset of transactions; RBAC mechanisms adhere to the Principle of Least Privilege as discussed in Integrity in Automated Information Systems [24]. A role that a subject has is only granted the minimum privilege required to perform a task. RBAC is centralised in nature as it requires a system administrator to manage the assignment and revocation of roles to and from subjects. 24 3.2.3 Capability Access Control Capabilities provide access ....

National Computer Security Centre, "Integrity in Automated Information Systems," September 1991.

....policies within a single, unified system. Although complete policy coverage is an elusive goal, the PM is capable of expressing a broad spectrum of well known access control policies. Those we have tested so far include: Onedirectional Information Flow, Chinese Wall [BNCW89] N person Control [NCSC91] and DAC. These were selected partly because they are so well known, and partly because they differ greatly from one another. A further advantage of PM is that it is highly extensible, since it can be augmented with any new policy that a specific application or user may require. This paper will ....

National Computer Security Center, "Integrity in Automated information System", C Technical Report 79-91, Library No. S237,254, September 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC