Abstract
A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as roles, users and permissions, are present in the language as basic constructs. Examples are given in the language of access control situations, such as static and dynamic separation of duty, delegation and joint-action-based access policies. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hitchens, M., Varadharajan, V. (2001). Tower: A Language for Role Based Access Control. In: Sloman, M., Lupu, E.C., Lobo, J. (eds) Policies for Distributed Systems and Networks. POLICY 2001. Lecture Notes in Computer Science, vol 1995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44569-2_6
DOI: https://doi.org/10.1007/3-540-44569-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41610-4
Online ISBN: 978-3-540-44569-2
eBook Packages: Springer Book Archive