Abstract
Our role-based/mandatory access control (RBAC/MAC) security model and enforcement framework for inter-operating legacy, COTS, GOTS, databases, servers, etc., limits who (user/user role) can invoke which methods (based on value and MAC level) of artifact APIs at what times, and who (user) can delegate which responsibility (user role) at what times. In this chapter, we focus on assurance for the timeframe of access (of a user to a role, of a role to a method, etc.) and the attainment of the Simple Security Property (i.e., a subject cannot read information for which it is not cleared) and the Simple Integrity Property (i.e., a subject is limited to writing information at its own level and lower), which together can be used to support safety and liveness.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Phillips, C., Demurjian, S., Ting, T.C. (2004). Safety and Liveness for an RBAC/MAC Security Model. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_23
DOI: https://doi.org/10.1007/1-4020-8070-0_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive