Abstract
In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language and the language is used to specify several access control policies such as role based access control, static and dynamic separation of duty, delegation as well as joint action based access policies. The language is flexible and is able to capture meta-level operations and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bai, Y., Varadharajan, V.: A Logic for State Transformations in Authorisation Policies. In: Proceedings of the 10th IEEE Computer Security Foundations Workshop, pp. 173–183 (1997)
Brewer, D., Nash, M.: The Chinese Wall Security Policy. IEEE Proceedings on Security and Privacy, 206–214 (1989)
Ferraiolo, D., Kuhn, R.: Role based Access Controls. In: 15th NIST-NCSC National Computer Security Conference (1992)
Giuri, L., Iglio, P.: Role Templates for Content-Based Access Control. In: 2nd ACM RBAC Workshop, pp. 153–159 (1997)
Goh, C.: Towards a more Complete Model of Role. In: 3rd ACM RBAC Workshop, pp. 55–61 (1998)
Hilchenbach, B.: Observations on the Real-World Implementation of Role-Based Access Control. In: National Information Systems Security Conference, pp. 341–352 (1997)
Hitchens, M., Varadharajan, V.: Specifying Role Based Access Control Policies for Object Systems (submitted for publication)
Jajodia S., Smarati, P., Subrahmanian, V.: A Logical Language for Expressing Authorizations. IEEE Proceedings on Security and Information Privacy (1997)
Karger, P.: Implementing Commercial Data Integrity with Secure Capabilities. In: IEEE Symposium on Security and Privacy, pp. 130–139 (1988)
Lupu E., Sloman, M.: Reconciling Role Based Management and Role Based Access control. In: 2nd ACM RBAC Workshop, pp. 135–141 (1997)
Moffett, J.: Control Principles and Role Hierarchies. In: 3rd ACM RBAC Workshop, pp. 63–69 (1998)
Object Management Group (OMG) : Security Services in Common Object Request Broker Architecture (1996)
Object Management Group (OMG), CORBAservices: Common Object Services Specification, OMG Document 97-07-04 (1997)
Pfleeger, C.P.: Security in Computing, 2nd edn. Prentice-Hall, Englewood Cliffs (1997)
Sandhu, R.: Transaction Control Expressions For Separation of Duties. In: Fourth Aerospace Computer Security Applications Conference, pp. 282–286 (1988)
Sandhu, R.: Lattice-Based Access Control Models. IEEE Computer 11, 9–19 (1993)
Sandhu, R., Feinstein, H.: A Three Tier Architecture for Role-Based Access Control. In: 17th National Computer Security Conference, pp. 34–46 (1994)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control: A Multi- Dimensional View. In: 10th Annual Computer Security Applications Conference, pp. 54–61 (1994)
Sandhu, R., Coyne, E.J., Feinstein, H.L.: Role based Access Control Models. IEEE Computer 2, 38–47 (1996)
Sandhu, R.: Role Activation Hierarchies. In: 3rd ACM RBAC Workshop, pp. 33–40 (1998)
Simon, R., Zurko, M.: Separation of Duty in Role-Based Environments. In: 10th Computer Security Foundations Workshop, pp. 183–194 (1997)
Varadharajan, V., Allen, P., Black, S.: Analysis of Proxy Problem in Distributed Systems. IEEE Proceedings on Security and Privacy (1991)
Varadharajan, V., Allen, P.: Joint Action based Authorisation Schemes. ACM Operating Systems Review 7 (1996)
Varadharajan, V., Crall, C., Pato, J.: Authorisation for Enterprise wide Distributed Systems: Design and Application. In: IEEE Computer Security Applications Conference (1998)
Zurko, M., Simon, R., Sanfilippo, T.: A User-Centred, Modular Authorisation Service Built on an RBAC Foundation. In: IEEE Symposium on Security and Privacy (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hitchens, M., Varadharajan, V. (1999). Issues in the Design of a Language for Role Based Access Control. In: Varadharajan, V., Mu, Y. (eds) Information and Communication Security. ICICS 1999. Lecture Notes in Computer Science, vol 1726. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-47942-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-47942-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66682-0
Online ISBN: 978-3-540-47942-0
eBook Packages: Springer Book Archive