Role-Based Access

The Experts below are selected from a list of 1513770 Experts worldwide ranked by ideXlab platform

Jason Crampton - One of the best experts on this subject based on the ideXlab platform.

  • Formal Aspects in Security and Trust - Cryptographic Enforcement of Role-Based Access Control
    Lecture Notes in Computer Science, 2011
    Co-Authors: Jason Crampton
    Abstract:

    Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to core and hierarchical role-based access control policies. We then show that special cases of our cryptographic enforcement schemes for role-based access control are equivalent to cryptographic enforcement schemes for temporal access control and to ciphertext-policy and key-policy attribute-based encryption schemes. Finally, we describe how these special cases can be extended to support richer forms of temporal access control and attribute-based encryption.

  • Cryptographic Enforcement of Role Based Access Control
    Formal Aspects in Security and Trust, 2010
    Co-Authors: Jason Crampton
    Abstract:

    Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to core and hierarchical role-based access control policies. We then show that special cases of our cryptographic enforcement schemes for role-based access control are equivalent to cryptographic enforcement schemes for temporal access control and to ciphertext-policy and key-policy attribute-based encryption schemes. Finally, we describe how these special cases can be extended to support richer forms of temporal access control and attribute-based encryption.

  • Delegation in Role-Based Access Control
    International Journal of Information Security, 2008
    Co-Authors: Jason Crampton, Hemanth Khambhammettu
    Abstract:

    User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.

  • Delegation in Role-Based Access Control
    Lecture Notes in Computer Science, 2006
    Co-Authors: Jason Crampton, Hemanth Khambhammettu
    Abstract:

    User delegation is a mechanism for assigning access rights available to a user to another user. A delegation operation can either be a grant or transfer operation. Delegation for role-based access control models have extensively studied grant delegations. However, transfer delegations for role-based access control have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorise delegations in our model. In particular, we show that the use of administrative scope for authorising delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we compare our work with relevant work in the literature.

Hemanth Khambhammettu - One of the best experts on this subject based on the ideXlab platform.

  • Delegation in Role-Based Access Control
    International Journal of Information Security, 2008
    Co-Authors: Jason Crampton, Hemanth Khambhammettu
    Abstract:

    User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively studied grant delegations, but transfer delegations have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorize delegations in our model. In particular, we show that the use of administrative scope for authorizing delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we study delegation in the context of workflow systems. In particular, we demonstrate the application of the administrative scope and administrative domain concepts to control delegation of tasks in worklist-based workflow systems.

  • Delegation in Role-Based Access Control
    Lecture Notes in Computer Science, 2006
    Co-Authors: Jason Crampton, Hemanth Khambhammettu
    Abstract:

    User delegation is a mechanism for assigning access rights available to a user to another user. A delegation operation can either be a grant or transfer operation. Delegation for role-based access control models have extensively studied grant delegations. However, transfer delegations for role-based access control have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorise delegations in our model. In particular, we show that the use of administrative scope for authorising delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we compare our work with relevant work in the literature.

  • ESORICS - Delegation in Role-Based Access Control
    Computer Security – ESORICS 2006, 2006
    Co-Authors: Jason Crampton, Hemanth Khambhammettu
    Abstract:

    User delegation is a mechanism for assigning access rights available to a user to another user. A delegation operation can either be a grant or transfer operation. Delegation for role-based access control models have extensively studied grant delegations. However, transfer delegations for role-based access control have largely been ignored. This is largely because enforcing transfer delegation policies is more complex than grant delegation policies. This paper, primarily, studies transfer delegations for role-based access control models. We also include grant delegations in our model for completeness. We present various mechanisms that authorise delegations in our model. In particular, we show that the use of administrative scope for authorising delegations is more efficient than using relations. We also discuss the enforcement and revocation of delegations. Finally, we compare our work with relevant work in the literature.

Joan Borrell - One of the best experts on this subject based on the ideXlab platform.

  • Fuzzy Role-Based Access Control
    Information Processing Letters, 2011
    Co-Authors: Carles Martínez-García, Guillermo Navarro-Arribas, Joan Borrell
    Abstract:

    RBAC (Role-Based Access Control) is a widely used access control model, which reduces the maintenance cost of classical identity-based access control. However, despite the benefits of RBAC, there are environments in which RBAC can hardly be applied. We present FRBAC (Fuzzy Role-Based Access Control), a generalization of RBAC through fuzzy relations that extends the applicability of RBAC to environments where authorization-related information is vague. Moreover, FRBAC deals with environments where the actions that can be executed over the resources have a fractional meaning, as data lying in databases and risk-based access control.

Vijayalakshmi Atluri - One of the best experts on this subject based on the ideXlab platform.

  • ICISS - An Administrative Model for Spatio-Temporal Role Based Access Control
    Information Systems Security, 2013
    Co-Authors: Manisha Sharma, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya
    Abstract:

    In the present computing environment, access control decisions are often based on contextual information like the location of users and objects as well as the time of making an access request. Several variants of Role Based Access Control (RBAC) have recently been proposed that support spatio-temporal policy specifications. However, unlike the administrative models available for RBAC, there is no reported literature on complete administrative models for spatio-temporal role based access control. In this paper, we introduce an administrative model for the recently proposed ESTARBAC (Enhanced Spatio-temporal Role based Access Control) model and name it as ADMINESTAR (Administrative model for Enhanced Spatio-Temporal Role based Access Control). ADMINESTAR defines a broad range of administrative rules and administrative operations. An instance of the set of administrative rules frames the currently effective administrative policy for the system. Administrative rules specify which administrative role can change which ESTARBAC entity. These ESTARBAC entities together define the system state which can be changed by administrative operations upon their successful execution under the control of defined administrative policies. ADMINESTAR would help in practical deployment of spatio-temporal role based access control systems and also provide a means for their formal security analysis.

  • AMTRAC: An Administrative Model for Temporal Role-Based Access Control
    Computers & Security, 2013
    Co-Authors: Manisha Sharma, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri
    Abstract:

    Over the years, Role Based Access Control (RBAC) has received significant attention in system security and administration. The Temporal Role Based Access Control (TRBAC) model is an extension of RBAC that allows one to specify periodic enabling and disabling of roles in a role enabling base (REB). While decentralized administration and delegation of administrative responsibilities in large RBAC systems is managed using an administrative role based access control model like ARBAC97, no administrative model for TRBAC has yet been proposed. In this paper, we introduce such a model and name it AMTRAC (Administrative Model for Temporal Role based Access Control). AMTRAC defines a broad range of relations that control user-role assignment, role-permission assignment, role-role assignment and role enabling base assignment. Since the first three are similar to those in ARBAC97, the role enabling base assignment component has been discussed in detail in this paper. The different ways by which role enabling conditions of regular roles can be modified are first explained. We then show how to specify which of the administrative roles are authorized to modify the role enabling conditions of any regular role. An exhaustive set of commands for authorization enforcement along with their pre and postconditions is also presented. Together, this would facilitate practical deployment and security analysis of TRBAC systems.

Carles Martínez-García - One of the best experts on this subject based on the ideXlab platform.

  • Fuzzy Role-Based Access Control
    Information Processing Letters, 2011
    Co-Authors: Carles Martínez-García, Guillermo Navarro-Arribas, Joan Borrell
    Abstract:

    RBAC (Role-Based Access Control) is a widely used access control model, which reduces the maintenance cost of classical identity-based access control. However, despite the benefits of RBAC, there are environments in which RBAC can hardly be applied. We present FRBAC (Fuzzy Role-Based Access Control), a generalization of RBAC through fuzzy relations that extends the applicability of RBAC to environments where authorization-related information is vague. Moreover, FRBAC deals with environments where the actions that can be executed over the resources have a fractional meaning, as data lying in databases and risk-based access control.