
Positive and Negative Authorizations to Access Protected Web Resources

  • Conference paper
Network-Based Information Systems (NBiS 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4658)

Abstract

In this paper we present a model that can prevent conflict situations caused by applying both positive and negative authorizations for access to a resource. Such conflict situations may occur if an organization has decentralized administration, and/or several collaborating organizations have access to one resource and some of them apply positive authorizations while others apply negative authorizations. The proposed solution involves Belnap’s logic.


Editor information

Tomoya Enokido, Leonard Barolli, Makoto Takizawa

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Encheva, S., Tumin, S. (2007). Positive and Negative Authorizations to Access Protected Web Resources. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_9

  • DOI: https://doi.org/10.1007/978-3-540-74573-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74572-3

  • Online ISBN: 978-3-540-74573-0

  • eBook Packages: Computer Science, Computer Science (R0)
