Skip to main content
Log in

The base model of role-based access control and the “cost-risk” criterion of data processing

  • Published:
Automatic Control and Computer Sciences Aims and scope Submit manuscript

Abstract

This paper analyzes the base model of role-based access control, specifically, the risks in developing an information-secure computational system. In developing the plan of the “cost-risk” analysis, the area of application should be identified on the basis of documents and on detailed knowledge of the given model of information security and software means. The requirements for role-based security models are defined.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Gerasimenko, V.A., Zashchita informatsii v avtomatizirovannykh sistemakh obrabotki dannykh (Protection of Information in Automated Treatment Systems), Moscow: Energoatomizdat, 1994, vol. 1.

    Google Scholar 

  2. Sukharev, E.M., Modeli tekhnicheskikh razvedok i ugroz bezopasnosti informatsii (Models of Technical Explorations and Threats to Safety of Information), Moscow: Radiotekhnika, 2003, vol. 3.

    Google Scholar 

  3. Venttsel’, E.S. and Ovcharov, L.A., Teoriya sluchainykh protsessov i ee inzhenernye prilozheniya, (Theory of Accidental Processes and Its Engineering Applications), Moscow: Nauka, 1991.

    Google Scholar 

  4. Devyanin, P.N., Modeli bezopasnosti komp’yuternykh sistem (Models of Computer System Safety), Moscow: Akademiya, 2005.

    Google Scholar 

  5. Zeifman, A., Bening, I., and Sokolov, I., Markovskie tsepi i modeli s nepreryvnym vremenem (Markov Chains and Models with Continuous Time), Moscow: Eleks, 2009.

    Google Scholar 

  6. Zegzhda, D.P. and Ivashko, A.M., Osnovy bezopasnosti informatsionnykh sistem (Fundamentals of Information System Safety), Moscow: Goryachaya liniya-Telekom, 2000.

    Google Scholar 

  7. Shakhanova, M.V., Sovremennye tekhnologii informatsionnoi bezopasnosti (Contemporary Technologies of Information Safety), Vladivostok: DVGTU, 2007.

    Google Scholar 

  8. Sandhu, R., Rationale for the RBAC96 Family of Access Control Models, Proc 2nd ACM Workshop on Role-Based Access Control, Fairfax, 1997.

  9. Esikov, O.V., Mathematical Model of Structure Optimization of Information Protection Mean Complexes in Contemporary Automated Systems of Data Treatment, Prib. Sist.Upr. Kontrol’, Diag., 2000, no. 4, pp. 1–4.

  10. Ferraiolo, D.R., Kuhn, D.R., and Sandhu, R., RBAC Standard Rationale: Comment on a Critique of the ANSI Standard on Role-Based Access Control, IEEE Secur. Priv., 2007, vol. 5, no. 6, pp. 51–53. http://csrc.nist.gov/groups/SNS/rbac/documents/ferraiolo-kuhn-sandhu-07.pdf

    Article  Google Scholar 

  11. Abie, A. and Skomedal, A., Conceptual Formal Framework for Developing and Maintaining Security-Critical Systems, Int. J. Comp. Sci. Network Secur., 2005, vol. 5, no. 12, pp. 89–98.

    Google Scholar 

  12. Shakhanova, M.V. and Varlataya, S.K., Risk Analysis at Development of Requirements to the Information-Safety Technologies of Computation System Design, Materialy XI mezhdunarodnoi nauchno-tekhnicheskoi konferentsii “Informatsionnaya bezopasnost” (Proc. 11th Int. Sci.-Techn. Conf. ‘Information Safety’), Taganrog, 2010, part 1, pp. 104–109.

  13. Esikov, O.V., Sukharev, E.M., Kislitsyn, A.S, and Pruzhinin, A.V., Optimization of Structure of Information Protection Complex System in Contemporary Systems of Information Transmission and Treatment, Materialy NTK, posvyashchennoi 30-letiyu TsNIIRES (Proc. Sci.-Techn. Conf. Dedicated to 30th Anniversary of Central Scientific-Research Institute of Radioelectonic Systems), Moscow, 2001, vol. 8.

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to M. V. Shakhanova.

Additional information

Original Russian Text © M.V. Shakhanova, 2012, published in Avtomatika i Vychislitel’naya Tekhnika, 2012, no. 5, pp. 26–35.

About this article

Cite this article

Shakhanova, M.V. The base model of role-based access control and the “cost-risk” criterion of data processing. Aut. Control Comp. Sci. 46, 200–206 (2012). https://doi.org/10.3103/S0146411612050069

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.3103/S0146411612050069

Keywords

Navigation