Abstract
To design a document access control method that is flexible, general and fine-grained, we establish a document access control model, which is an abstract description of the general document access scenario. Security policies are presented to describe the security constraints, so as to meet the security requirements of this model. To demonstrate the theories and strategies more intuitively, we design a prototype document access control system based on the XACML-RBAC framework to verify the validity of the model and algorithms and the feasibility of the mechanism. It implements authorization protection for standard OFFICE documents.
This work is supported by the National Defense Basic Scientific Research Program of China under grant No. A2120061061 and was carried out at the Software Engineering Institute of BeiHang University.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mao, L., Yao, S., Zhang, K., Sakurai, K. (2011). Design and Implementation of Document Access Control Model Based on Role and Security Policy. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_2
DOI: https://doi.org/10.1007/978-3-642-25283-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25282-2
Online ISBN: 978-3-642-25283-9
eBook Packages: Computer Science, Computer Science (R0)