Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information and Communications Security

ICICS 1999: Information and Communication Security pp 22–38Cite as

Issues in the Design of a Language for Role Based Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1726))

Abstract

In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language and the language is used to specify several access control policies such as role based access control, static and dynamic separation of duty, delegation as well as joint action based access policies. The language is flexible and is able to capture meta-level operations and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bai, Y., Varadharajan, V.: A Logic for State Transformations in Authorisation Policies. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp. 173–183 (1997)

    Google Scholar 

  2. Brewer, D., Nash, M.: The Chinese Wall Security Policy. IEEE Proceedings on Security and Privacy, 206–214 (1989)

    Google Scholar 

  3. Ferraiolo, D., Kuhn, R.: Role based Access Controls. In: 15th NIST-NCSC National Computer Security Conference (1992)

    Google Scholar 

  4. Giuri, L., Iglio, P.: Role Templates for Content-Based Access Control. In: 2nd ACM RBAC Workshop, pp. 153–159 (1997)

    Google Scholar 

  5. Goh, C.: Towards a more Complete Model of Role. In: 3rd ACM RBAC Workshop, pp. 55–61 (1998)

    Google Scholar 

  6. Hilchenbach, B.: Observations on the Real-World Implementation of Role-Based Access Control. In: National Information Systems Security Conference, pp. 341–352 (1997)

    Google Scholar 

  7. Hitchens, M., Varadharajan, V.: Specifying Role Based Access Control Policies for Object Systems (submitted for publication)

    Google Scholar 

  8. Jajodia S., Smarati, P., Subrahmanian, V.: A Logical Language for Expressing Authorizations. IEEE Proceedings on Security and Information Privacy (1997)

    Google Scholar 

  9. Karger, P.: Implementing Commercial Data Integrity with Secure Capabilities. In: IEEE Symposium on Security and Privacy, pp. 130–139 (1988)

    Google Scholar 

  10. Lupu E., Sloman, M.: Reconciling Role Based Management and Role Based Access control. In: 2nd ACM RBAC Workshop, pp. 135–141 (1997)

    Google Scholar 

  11. Moffett, J.: Control Principles and Role Hierarchies. In: 3rd ACM RBAC Workshop, pp. 63–69 (1998)

    Google Scholar 

  12. Object Management Group (OMG) : Security Services in Common Object Request Broker Architecture (1996)

    Google Scholar 

  13. Object Management Group (OMG), CORBAservices: Common Object Services Specification, OMG Document 97-07-04 (1997)

    Google Scholar 

  14. Pfleeger, C.P.: Security in Computing, 2nd edn. Prentice-Hall, Englewood Cliffs (1997)

    Google Scholar 

  15. Sandhu, R.: Transaction Control Expressions For Separation of Duties. In: Fourth Aerospace Computer Security Applications Conference, pp. 282–286 (1988)

    Google Scholar 

  16. Sandhu, R.: Lattice-Based Access Control Models. IEEE Computer 11, 9–19 (1993)

    Google Scholar 

  17. Sandhu, R., Feinstein, H.: A Three Tier Architecture for Role-Based Access Control. In: 17th National Computer Security Conference, pp. 34–46 (1994)

    Google Scholar 

  18. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control: A Multi- Dimensional View. In: 10th Annual Computer Security Applications Conference, pp. 54–61 (1994)

    Google Scholar 

  19. Sandhu, R., Coyne, E.J., Feinstein, H.L.: Role based Access Control Models. IEEE Computer 2, 38–47 (1996)

    Google Scholar 

  20. Sandhu, R.: Role Activation Hierarchies. In: 3rd ACM RBAC Workshop, pp. 33–40 (1998)

    Google Scholar 

  21. Simon, R., Zurko, M.: Separation of Duty in Role-Based Environments. In: 10th Computer Security Foundations Workshop, pp. 183–194 (1997)

    Google Scholar 

  22. Varadharajan, V., Allen, P., Black, S.: Analysis of Proxy Problem in Distributed Systems. IEEE Proceedings on Security and Privacy (1991)

    Google Scholar 

  23. Varadharajan, V., Allen, P.: Joint Action based Authorisation Schemes. ACM Operating Systems Review 7 (1996)

    Google Scholar 

  24. Varadharajan, V., Crall, C., Pato, J.: Authorisation for Enterprise wide Distributed Systems: Design and Application. In: IEEE Computer Security Applications Conference (1998)

    Google Scholar 

  25. Zurko, M., Simon, R., Sanfilippo, T.: A User-Centred, Modular Authorisation Service Built on an RBAC Foundation. In: IEEE Symposium on Security and Privacy (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Basser Department of Computer Science, University of Sydney, NSW, Australia

    Michael Hitchens

  2. School of Computing and Information Technology, University of Western Sydney, Nepean, NSW, Australia

    Vijay Varadharajan

Authors
  1. Michael Hitchens
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vijay Varadharajan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Macquarie University, Sydney, Australia

    Vijay Varadharajan

  2. Centre for Computer and Information Security Research School of Computer Science and Software Engineering, University of Wollongong, Australia

    Yi Mu

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hitchens, M., Varadharajan, V. (1999). Issues in the Design of a Language for Role Based Access Control. In: Varadharajan, V., Mu, Y. (eds) Information and Communication Security. ICICS 1999. Lecture Notes in Computer Science, vol 1726. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-47942-0_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-47942-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66682-0

  • Online ISBN: 978-3-540-47942-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation