Christos K. Georgiadis
Ioannis Mavridis
ABSTRACT
We discuss the integration of contextual information with team-based access control. The TMAC model was formulated by Thomas in [1] to provide access control for collaborative activity best accomplished by teams of users. In TMAC, access control revolves around teams, where a "team" is an abstraction that encapsulates a collection of users in specific roles and collaborating with the objective of accomplishing a specific task or goal. Users who belong to a team are given access to resources used by a team. However, the effective permissions of a user are always derived from permission types defined for roles that the user belongs to. TMAC is an example of what we call "active security models". These models are aware of the context associated with an ongoing activity in providing access control and thus distinguish the passive concept of permission assignment from the active concept of context-based permission activation. The ability to integrate contextual information allows models such as TMAC to be flexible and express a variety of access policies that can provide tight and just-in-time permission activation.
- 1.Thomas R.K. Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments, Proceedings of the Second ACM workshop on Role-based Access Control, Fairfax, VA USA, 1997. Google Scholar
Digital Library
- 2.NIST. Role Based Access Control, National Institute of Standards and Technology, 1999, available in URL: http://hissa.ncsl.nist.gov/rbacGoogle Scholar
- 3.NIST. An Introduction to Role-based Access Control, NIST CSL Bulletin on RBAC, National Institute of Standards and Technology, 1995, available in URL: http://csrc.nist.gov/nistbul/csl95-12.txtGoogle Scholar
- 4.Sandhu R. Role-Based Access Control, Advances in Computers, Vol.46, Academic Press, 1998.Google Scholar
- 5.ISO. ISO / IEC 10181-3 Model of Access Control, X/ Open Guide Basic Security Facilities - Authorization in Distributed Security Framework, 1994.Google Scholar
- 6.Beznosov K. Requirements for Access Control: US Healthcare domain, Proceedings of the Third ACM Workshop on Role-Based Access Control, October 1998, Fairfax, VA, USA, 1998. Google ScholarDigital Library
- 7.Lupu E. and Sloman M. Reconciling Role Based Management and Role-based Access Control, Proceedings of the Second ACM Workshop on RBAC, Fairfax, VA, USA, 1997. Google ScholarDigital Library
- 8.Giuri L. and Iglio P. Role Templates for Content-Based Access Control, Proceedings of the Second ACM Workshop on RBAC, Fairfax, VA, USA, 1997. Google ScholarDigital Library
- 9.Farrel S. and Housley R. An Internet Attribute Certificate Profile for Authorization, Internet Draft: draft.ietf.pkix.ac509prof-03.txt, work in progress, May 2000. Google ScholarDigital Library
- 10.Mavridis I., Georgiadis C., Pangalos G. and Khair M. Using Digital Certificates for Access Control in Clinical Intranet Applications. Journal Technology and Health Care, Vol. 8, Nos. 3, 4 (2000), ISSN 0928-7329, p. 173-174, IOS Press, 2000. Google ScholarDigital Library
- 11.Pernul G. Database Security, Advances in Computers, Vol.38, M.C. Yovits (Ed.), Academic Press, 1994.Google Scholar
- 12.Pangalos G. and Khair M. Design of a Secure Medical Database Systems, in IFIP/SEC'96, 12th international information security conference, 1996. Google ScholarDigital Library
- 13.Mavridis I., Pangalos G. and Khair M. eMEDAC: Rolebased Access Control Supporting Discretionary and Mandatory Features, Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security, Seattle, Washington, USA, 1999. Google ScholarDigital Library
Index Terms
- Flexible team-based access control using contexts
Recommendations
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Domain Administration of Task-role Based Access Control for Process Collaboration Environments
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01The fast evolving workflow technologies facilitate organizations to interact and cooperate with each other to achieve their business goals by process collaborations. Task-role based access control is an important security mechanism to protect data and ...
Constraints-based access control
Das'01: Proceedings of the fifteenth annual working conference on Database and application securityThe most important aspect of security in a database after establishing the authenticity of the user is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system.This paper ...
Comments