Abstract
OASIS is a distributed RBAC implementation with many extensions. Sound policy design allows OASIS to protect the distributed resources whose access privileges it controls. However, because it operates in a distributed environment, the underlying OASIS infrastructure is itself exposed to a number of potential attacks. This paper identifies three main classes of such attacks and introduces techniques that extend OASIS in particular, and RBAC systems in general, to protect against them.
The original version of this chapter was revised: the copyright line was incorrect and has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
© 2003 IFIP International Federation for Information Processing
Cite this chapter
Belokosztolszki, A., Eyers, D. (2003). Shielding RBAC Infrastructures from Cyberterrorism. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_1
DOI: https://doi.org/10.1007/978-0-387-35697-6_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6