
A Knowledge-Based Approach to Internet Authorizations

  • Conference paper
Information Security and Privacy (ACISP 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2119))


Abstract

This paper proposes a knowledge-based approach to Internet authorizations using Public-Key Infrastructure (PKI) based digital certificates and Role-Based Access Control (RBAC). First, we introduce several existing access control models. Second, a logic-based policy specification language is given. Third, a policy-driven RBAC is presented. Fourth, a method of automatically assigning roles to users using digital certificates is discussed. Then, the architecture for Internet authorizations is described. Finally, a solution to remote policy enforcement is proposed. We also give the syntax of a role definition language and illustrate it in appendices A and B, respectively.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lin, A. (2001). A Knowledge-Based Approach to Internet Authorizations. In: Varadharajan, V., Mu, Y. (eds) Information Security and Privacy. ACISP 2001. Lecture Notes in Computer Science, vol 2119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47719-5_24

Download citation

  • DOI: https://doi.org/10.1007/3-540-47719-5_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42300-3

  • Online ISBN: 978-3-540-47719-8

  • eBook Packages: Springer Book Archive