Skip to main content
SpringerLink
Log in

Extended Role Based Access Control and Procedural Restrictions

  • Conference paper
Information Security and Cryptology - ICISC 2003 (ICISC 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2971))

Included in the following conference series:

  • 718 Accesses

Abstract

The current scheme of access control judges the legality of each access based on immediate information without considering associate information hidden in a series of accesses. Due to the limitation, access control systems do not efficiently limit attacks consist of allowed operations. For trusted operating system developments, we extended RBAC and added procedural constraints to refuse those attacks. With the procedural constraints, the access control of trusted operating systems can discriminate attack trials from normal behaviors. Also, extended RBAC keeps the principle of least privilege and separation of duty more precisely. This paper shows the specification of the extended concept and model, and presents simple analysis results.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Department of Defense, Department of Defense Trusted Computer System Evaluation Criteria, Department of Defense Standard(DOD 5200.28-STD), Library Number S225, 711 (1985)

    Google Scholar 

  2. Gollmann, D.: Computer Security. John Wiley & Sons, Chichester (1999)

    Google Scholar 

  3. Amoroso, E.G.: Fundamentals of Computer Security Technology. AT&T Bell Laboratories, Prentice Hall PTR, Englewood Cliffs (1994)

    Google Scholar 

  4. Cray Research, UNICOS Multilevel Security (MLS) Feature User’s Guide, SG- 2111 10.0, Cray Research, Inc. (1990)

    Google Scholar 

  5. Branstad, M., Tajalli, H., Mayer, F.: Security issues of the Trusted Mach system. In: Proc. of 4th Aerospace Computer Security Applications Conference, pp. 362–367 (1998)

    Google Scholar 

  6. Flask, http://www.cs.utah.edu/flux/fluke

  7. Loscocco, P., Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Proc. of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX 2001) (2001)

    Google Scholar 

  8. Ott, A.: The Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension. In: 8th Int. Linux Kongress, Enschede (2001)

    Google Scholar 

  9. Trusted Solaris, http://wwws.sun.com/software/solaris/trustedsolaris/index.html

  10. Ptacek, T., Newsham, T.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection (1998)

    Google Scholar 

  11. Baker, D.: Fortresses built upon sand. In: Proceedings of the New Security Paradigms Workshop (1996)

    Google Scholar 

  12. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2) (1996)

    Google Scholar 

  13. Ferraiolo, D., Barkely, J.F., Kuhn, D.R.: A Role Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information Systems Security 1(2) (1999)

    Google Scholar 

  14. Ferraiolo, D., Cugini, J., Kuhn, D.R.: Role Based Access Control: Features and Motivations. In: Proc. of Annual Computer Security Applications Conference. IEEE Computer Society Press, Los Alamitos (1995)

    Google Scholar 

  15. Barkley, J.F., Cincotta, V., Ferraiolo, D.F., Garrvrilla, S., Kuhn, D.R.: Role Based Access Control for the World Wide Web. In: NIST 20th National Computer Security Conference (1997)

    Google Scholar 

  16. Moffett, J.D.: Control Pinciples and Role Hierarchies. In: 3rd ACM Workshop on Role Based Access Control (RBAC), October 1998, pp. 22–23 (1998)

    Google Scholar 

  17. Koch, M., Mancini, L.V., Presicce, F.P.: A Graph-Based Formalism for RBAC. ACM Trancsactions on Information and System Security 5(3), 332–365 (2002)

    Article  Google Scholar 

  18. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security 4(3) (2001)

    Google Scholar 

  19. Bishop, M., Dilger, M.: Checking for Race Conditions in File Access. Computing Systems 2, 131–152 (1996)

    Google Scholar 

  20. [8lgm]-Advisory-20. UNIX.SunOS-sendmailV5.1 (August 1995), README

    Google Scholar 

  21. ITU-T SG/7 & Working Parties: Final text for recommendation X.812 Information Technology-Open Systems interconnection Security framework for open systems: Access control framework (1995)

    Google Scholar 

  22. Alloy, http://sdg.lcs.mit.edu/alloy/

Download references

Author information

Authors and Affiliations

  1. Department of Information and Communications, Kwang-Ju Institute of Science and Technology, Oryong, Buk, Gwang-Ju, 500-712, Korea

    Wook Shin & Dong-Ik Lee

  2. National Security Research Institute, P.O.Box 1, Yuseong, Daejeon, 305-600, Korea

    Hyoung-Chun Kim, Jung-Min Kang & Jin-Seok Lee

Authors
  1. Wook Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dong-Ik Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hyoung-Chun Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jung-Min Kang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jin-Seok Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Center for Information Security Technologies (CIST), Korea University, Seoul, Korea

    Jong-In Lim

  2. CIST (Center for Information Security Technologies), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea

    Dong-Hoon Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shin, W., Lee, DI., Kim, HC., Kang, JM., Lee, JS. (2004). Extended Role Based Access Control and Procedural Restrictions. In: Lim, JI., Lee, DH. (eds) Information Security and Cryptology - ICISC 2003. ICISC 2003. Lecture Notes in Computer Science, vol 2971. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24691-6_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24691-6_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21376-5

  • Online ISBN: 978-3-540-24691-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation