A Methodology for Bridging between RBAC and an Arbitrary Application Program

  • Conference paper
Secure Data Management (SDM 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5159)

Abstract

Role-Based Access Control (RBAC) models have been available since the early 1990s. However, there is no well-understood methodology for using RBAC with an arbitrary application program. We highlight tradeoffs between the ANSI RBAC model and the Role Graph Model, and also enumerate different versions of each. We then discuss alternatives to bridging between an RBAC model and an ad hoc program. An example of the application of one of the alternatives is given.

Editor information

Willem Jonker, Milan Petković

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shum, C.WY., Osborn, S.L., Wang, H. (2008). A Methodology for Bridging between RBAC and an Arbitrary Application Program. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2008. Lecture Notes in Computer Science, vol 5159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85259-9_13

  • DOI: https://doi.org/10.1007/978-3-540-85259-9_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85258-2

  • Online ISBN: 978-3-540-85259-9

  • eBook Packages: Computer Science (R0)
