E. Lupu and M. Sloman. Reconciling role based management and role based access control. In Proceedings of the second ACM workshop on Role-based access control, pages 135--141. ACM Press, 1997.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... BASED COLLABORATION MODEL Here, we illustrate our role based collaboration specification model through an example, which has been presented in [26, 27] Like our work, other RBAC models, such as Task Based Access Control (TBAC) 25] Team Based Access Control (TMAC) 24] role based management [13], and role based active security [1] address issues related to context sensitive access control constraints. In our model, an activity defines how a group of users cooperate towards some common objectives by performing their individual tasks on a set of shared objects. It represents a protection ....

E. C. Lupu and M. Sloman. Reconciling Role-Based Management and Role-Based Access Control. In ACM Workshop on Role-based Access Control, pages 135--141, 1997.

....9 summarises our contributions and concludes this paper. 2 Related Work This section describes some of the research which has been done into context aware, parameterised RBAC. As discussed in the introduction, most real world RBAC systems now provide parameterisation; early examples include [1, 9, 10, 12]. This trend has been further reinforced by the 2 specific parameterised models present in the NIST RBAC standards [15] Equally, many researchers have examined how to include dynamic environmental interaction in their RBAC models [1, 5, 6, 11] Note that some authors refer to the dynamic ....

Emil Lupu and Morris Sloman. Reconciling role based management and role based access control. In Proceedings of the second ACM workshop on Rolebased access control, pages 135--141, 1997.

....the simple enumeration of rules. It allows for the association of rules and sets into policies comprising the logical units of the desired model (see section 4. 3) Therefore SPL is model independent but not model less, it allows for the definition of complex RBAC models with parameterized roles [20, 26] and complex role constraints. It also allows for the definition of several forms of multilevel security [1] and relaxed forms of information flow security. In this section we present in detail each of the basic blocks comprising SPL and show how they are used in writing SPL security policies. ....

E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), pages 135--142, New York, Nov. 6--7 1997. ACM Press.

....and public cryptography. In order to provide reliability, Concordia employs a persistent store to periodically checkpoint an agent. But, this on disk representation may impose security risks, hence Concordia also encrypts this on disk representation of an agent. Sloman, Lupu and their colleagues [38, 39, 64] developed a role based security model for distributed object systems in a large scale, multi organizational enterprise. In their model a role can be defined in terms of the authorization and obligation policies. Such policies specify what actions an agent or a person having this role is permitted ....

E. C. Lupu and M. S. Sloman. Reconciling Role Based Management and Role Based Access Control. In Second Role Based Access Control Workshop (RBAC'97), pages 135--141, George Mason University, Virginia, 1997.

....EPub:university ABU:accredited ABU:accredited StateU StateU:stuID Alice; IEEE:member Alice 9 = 2.3 Parameterized roles In RBAC, a role name is an atomic string. It has been noted in the literature that this is sometimes too limited [12, 21]. An organization may contain large numbers of roles with few differences between them. For example, each project has a project leader role, and the rights of project leaders over documents of their projects is often the same. It is desirable to facilitate the reuse of these role permission ....

....them. For example, each project has a project leader role, and the rights of project leaders over documents of their projects is often the same. It is desirable to facilitate the reuse of these role permission relationships. To address this, the notion of parameterized roles was introduced in [12, 21] (it was called role templates in [12] RT 0 only allows atomic strings as role names. RT 1 extends RT 0 to allow parameterized roles. In RT 1 , a role name is constructed by applying a role identifier to a tuple of data terms. In this paper, we use r, often with subscripts, to denote role ....

Emil Lupu and Morris Sloman. Reconciling role based management and role based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC'97), pages 135--141, November 1997.

....values that dictate special access policies etc. This allows TMAC to model a richer set of access policies that are more closely tied to application needs. 3. TEAM BASED ACCESS CONTROL USING CONTEXTS (C TMAC) 3. 1 Integrating RBAC, TMAC and Contexts As noted by other researchers [5, 6, 7, 8] a variety of factors and contextual information (like time and location) have to be in considered when influencing the desirable behavior of an access control system during runtime. There are specific application areas, such as the healthcare ones, where it is difficult to define workflow tasks ....

Lupu E. and Sloman M. Reconciling Role Based Management and Role-based Access Control, Proceedings of the Second ACM Workshop on RBAC, Fairfax, VA, USA, 1997.

....Ponder will be used for operationalising the goals into management policies. 30 4.2. Mapping KAOS to Ponder : a hospital case study This section presents a case study to suggest some mapping from KAOS to Ponder. This hospital case study has been published in Ponder papers [Lup96] Lup97a] Lup97b] Lup99] It expresses requirements on nurses and doctors duties for appropriate care administration. The authors give the set of policies for the system. We will use the following methodology. We will first specify high level goals, then refine them and operationalise them into requirements. ....

E. Lupu, M. Sloman, "Reconciling Role Based Management and Role Based Access Control", Second Role Based Access Control Workshop (RBAC'97), George Mason University, Virginia, USA, Nov. 1997, pp 135-141. 94

....libraries (DLLs) even when placed in separate address spaces) in that they can be loaded into different execution contexts based on the needs of the requestor of their services. Contextsensitivity in access control is being addressed by some Role Based Access Control (RBAC) models [7, 13]. For example, principals can be parameterized, so that their permissions can be derived based on the runtime context. We examine the use of such models. The issue that each component may develop its own object space is more troublesome to enforcing security. In a system with a fixed set of ....

....that a principal can delegate to this component) themselves are contextdependent. For example, the permissions that the virtual memory system may delegate to the component may be dependent on the requestor application and virtual memory system s states. Parameterized access control models [7, 13] enable permissions to specified based on parameterized objects. For example, the memory objects to which a component can access may depend on those belonging to certain principals. However, changes in context can result in changes in assignment limits and, hence, changes in permissions. ....

E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In Proceedings of the Second ACM Role-Based Access Control Workshop, November 1997.

.... (to control access the local file system) network permissions (to control access to the network) window system (to open a window) context permissions (to use services of the context) and aglet permissions (to control the methods provided by an aglet) Sloman, Lupu and their colleagues [36, 37, 62] developed a role based security model for distributed object systems in a large scale, multi organizational enterprise. In their model a role can be defined in terms of the authorization and obligation policies. Such policies specify what actions an agent or a person having this role is permitted ....

E. C. Lupu and M. S. Sloman. Reconciling Role Based Management and Role Based Access Control. In Second Role Based Access Control Workshop (RBAC'97), pages 135--141, George Mason University, Virginia, 1997.

....violates organisational control principles as shown by [17] and introduces the need to cater for a substantial number of exceptions as often some access rights should not be inherited by senior roles from junior roles. A more detailed comparison between our work and RBAC models is presented in [18], and a study on the different types of role hierarchies in RBAC was presented in [ 19] There have been several attempts at deming Enterprise Viewpoint specifications by using the Unified Modelling Language UML possibly with added extensions [20] 21] 22] Proposals have alternated between ....

Lupu, E. C., and M. S. Sloman. Reconciling Role Based Management and Role Based Access Control. 2 ACMRole Based Access Control Workshop, Fairfax, VA, 1997 pp. 135-142.

....policies with the Subject Domain of the role as their subject. A role is thus a special case of a group, in which all the policies have the same subject. A person or automated agent can then be assigned to or removed from the position domain without changing the policies as explained in [9] See [8] for a discussion of the differences between RBAC and our Roles. The following role example includes the specification of the subject domain after the . inst role SecurityManager inst auth A1 . inst oblig O1 . inst group G . roles positionDomains SM 5.3 ....

Lupu, E.C. and M.S. Sloman. Reconciling Role Based Management and Role Based Access Control. In Proceedings of Second ACM/NIST Role Based Access Control Workshop. 1997a. Fairfax, Virginia, USA, ACM Press.

....rights down the role hierarchy may be undesirable. Furthermore, there may be multiple role role relationships. Thus, there may be several role hierarchies, each of which may lead to the inheritance of access rights determined by these relationships, between which it is useful to distinguish. In [2] we used a generalisation (isa) hierarchy based on professional competencies for the analysis of role hierarchies. On the other hand [3] used a generalisation hierarchy based on an organisation s functional hierarchy. Both these role hierarchies are valid and useful, but it is apparent that the ....

Lupu, E.C. and M.S. Sloman. Reconciling Role-Based Management and Role-Based Access Control. in 2nd ACM Workshop on Role-Based Access Control. 1997. George Mason University, Fairfax, Virginia, USA.

....[19] where roles relate to positions within an organisation. 5. Related Work The concepts of policies and roles occur in many different areas. Role Based Access Control, used for security [11] does not cater for the specification of obligations and adopts a different approach to role inheritance [20]. Object Oriented Modelling Frameworks [9,10] define role in a way similar to the ODP concept, as they consider roles as first class modelling elements in cases where the focus is on behaviour of an object with respect to interactions with other objects. The concept of association describes roles ....

E. C. Lupu and M. S. Sloman, "Reconciling Role Based Management and Role Based Access Control". In [12], pp. 135-142.

No context found.

E. Lupu and M. Sloman. Reconciling role based management and role based access control. In Proceedings of the second ACM workshop on Role-based access control, pages 135--141. ACM Press, 1997.

No context found.

Lupu, E. and Sloman, M., Reconciling Role Based Management and Role Based Access Control, Proceedings of the 2 nd ACM RBAC Workshop, Fairfax, VA, USA, 6-7 November 1997

No context found.

E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), pages 135--142, New York, Nov. 6--7 1997. ACM Press. 14

No context found.

E. C. Lupu and M. Sloman. Reconciling role-based management and role-based access control. In ACM Workshop on Role-based Access Control, pages 135--141, 1997.

No context found.

Lupu, E.C. and Sloman, M., Reconciling rolebased management and role-based access control, Proc. 2nd ACM Role-Based Access Control Workshop, November 1997.

No context found.

E. C. Lupu and M. Sloman. Reconciling Role-Based Management and Role-Based Access Control. In ACM workshop on Role-based Access Control, pages 135--141, 1997.

No context found.

E. Lupu, M. Sloman. Reconciling Role Based Management and Role Based Access Control. In Proc. of the 2nd ACM Workshop on Role-Based Access Control (RBAC-97), Fairfax, VA, USA, November 1997, ACM Press.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC