Access the full text.
Sign up today, get DeepDyve free for 14 days.
W. Yao, K. Moody, J. Bacon (2002)
A model of OASIS role-based access control and its support for active securityACM Transactions on Information and System Security, 5
Basit Shafiq, J. Joshi, E. Bertino, A. Ghafoor (2005)
Secure interoperation in a multidomain environment employing RBAC policiesIEEE Transactions on Knowledge and Data Engineering, 17
J. Joshi, E. Bertino, Usman Latif, A. Ghafoor (2001)
Generalized Temporal Role Based Access Control Model (GTRBAC) Part I Specification and Modeling
J. Joshi, Rafae Bhatti, E. Bertino, A. Ghafoor (2004)
Access-control language for multidomain environmentsIEEE Internet Computing, 8
R. Sandhu, E. Coyne, H. Feinstein, C. Youman (1996)
Role-Based Access Control ModelsComputer, 29
R. Sandhu (1998)
Role activation hierarchies
Fahad Shaon, Sazzadur Rahaman, Murat Kantarcioglu (2001)
The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics PlatformsProceedings of the 39th Annual Computer Security Applications Conference
J. Crampton (2002)
Administrative scope and role hierarchy operations
A. Kern, A. Schaad, J. Moffett (2003)
An administration concept for the enterprise role-based access control model
J. Joshi, E. Bertino, Usman Latif, A. Ghafoor (2005)
A generalized temporal role-based access control modelIEEE Transactions on Knowledge and Data Engineering, 17
P. Bonatti, S. Vimercati, P. Samarati (2002)
An algebra for composing access control policiesACM Trans. Inf. Syst. Secur., 5
Sylvia Osborn, R. Sandhu, Q. Munawer (2000)
Configuring role-based access control to enforce mandatory and discretionary access control policiesACM Trans. Inf. Syst. Secur., 3
J. Joshi, E. Bertino, A. Ghafoor (2002)
Temporal hierarchies and inheritance semantics for GTRBAC
L. Gong, Xiaolei Qian (1996)
Computational Issues in Secure InteroperationIEEE Trans. Software Eng., 22
S. Dawson, S. Qian, P. Samarati (2004)
Providing Security and Interoperation of Heterogeneous SystemsDistributed and Parallel Databases, 8
Rafae Bhatti, A. Ghafoor, E. Bertino, J. Joshi (2005)
X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access controlACM Trans. Inf. Syst. Secur., 8
R. Sandhu, Q. Munawer (1999)
The ARBAC99 model for administration of rolesProceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
M. Al-Kahtani, R. Sandhu (2002)
A model for attribute-based user-role assignment18th Annual Computer Security Applications Conference, 2002. Proceedings.
Sejong Oh, R. Sandhu (2002)
A model for role administration using organization structure
P. Bonatti, M. Sapino, V. Subrahmanian (1996)
Merging Heterogeneous Security Orderings
The modern enterprise spans several functional units or administrative domains with diverse authorization requirements. Access control policies in an enterprise environment typically express these requirements as authorization constraints. While desirable for access control, constraints can lead to conflicts in the overall policy in a multidomain environment. The administration problem for enterprise-wide access control, therefore, not only includes authorization management for users and resources within a single domain but also conflict resolution among heterogeneous access control policies of multiple domains to allow secure interoperation within the enterprise. This work presents design and implementation of X-GTRBAC Admin, an administration model that aims at enabling administration of role-based access control (RBAC) policies in the presence of constraints with support for conflict resolution in a multidomain environment. A key feature of the model is that it allows decentralization of policy administration tasks through the abstraction of administrative domains, which not only simplifies authorization management, but is also fundamental to the concept of decentralized conflict resolution presented. The paper also illustrates the applicability of the outlined administrative concepts in a realistic enterprise environment using an implementation prototype that facilitates policy administration in large enterprises.
ACM Transactions on Information and System Security (TISSEC) – Association for Computing Machinery
Published: Nov 1, 2005
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.