Abstract
In this paper we present a model that can prevent conflict situations caused by applying both positive and negative authorizations for access to a resource. Such conflict situations may occur if an organization has decentralized administration, and/or several collaborating organizations have access to one resource and some of them apply positive authorizations while others apply negative authorizations. The proposed solution involves Belnap’s logic.
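Added illustration, not taken from the paper (whose model is not reproduced on this page): Belnap's four values used to merge positive and negative authorizations issued by several administrators for one resource. The rule tuples, the names, and the deny-on-conflict enforcement policy are assumptions made for this example.

```python
from enum import Enum


class B4(Enum):
    """Belnap's four values, encoded as (grant asserted, deny asserted)."""
    NONE = (False, False)   # no administrator said anything
    TRUE = (True, False)    # only positive authorizations seen
    FALSE = (False, True)   # only negative authorizations seen
    BOTH = (True, True)     # positive and negative seen: a conflict


def merge(a, b):
    """Knowledge-order join: accumulate what independent sources asserted."""
    return B4((a.value[0] or b.value[0], a.value[1] or b.value[1]))


def conj(a, b):
    """Truth-order meet (Belnap AND), e.g. when two permissions are both required."""
    return B4((a.value[0] and b.value[0], a.value[1] or b.value[1]))


# Constructed sample rules: (administrator, subject, resource, sign)
AUTHORIZATIONS = [
    ("org-a", "alice", "/reports", "+"),
    ("org-b", "alice", "/reports", "-"),   # contradicts org-a
    ("org-a", "bob", "/reports", "+"),
    ("org-b", "carol", "/reports", "-"),
]


def evaluate(subject, resource, rules=AUTHORIZATIONS):
    """Fold every matching rule into one four-valued authorization state."""
    state = B4.NONE
    for _admin, subj, res, sign in rules:
        if (subj, res) == (subject, resource):
            state = merge(state, B4.TRUE if sign == "+" else B4.FALSE)
    return state


def decide(state):
    """Assumed policy: only an unconflicted TRUE grants; BOTH is reported."""
    return {"allow": state is B4.TRUE, "conflict": state is B4.BOTH}


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        s = evaluate(who, "/reports")
        print(who, s.name, decide(s))
```

Keeping BOTH distinct from FALSE lets the enforcement point deny access while still flagging the contradictory rules for administrators, and NONE separates "never authorized" from "explicitly denied".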
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Encheva, S., Tumin, S. (2007). Positive and Negative Authorizations to Access Protected Web Resources. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_9
DOI: https://doi.org/10.1007/978-3-540-74573-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74572-3
Online ISBN: 978-3-540-74573-0
eBook Packages: Computer Science, Computer Science (R0)