- BAL97.Balfanz D., Gong L., "Experience with Secure Multi-Processing in Java", Technical Report 560-97, Department of Computer Science, Princeton University, September, 1997.Google Scholar
- BER94.Bertino E., Origgi F., Samarati P., "A New Authorization Model for Object-Oriented Databases", in Proceedings of the IFIP WG 11.3 Eight Annual Working Conference on Database Security, August 1994. Google ScholarDigital Library
- BER97.Bertino E., Ferrari E., Atluri V., "A Flexible Model Supporting the Specification and Enforcement of Role-based Authorizations in Workflow Management Systems", in Proceedings of Second ACM Workshop on Role-Based Access Control, ACM Press, 1997. Google ScholarDigital Library
- FER99.Ferraiolo D. F., Barkley J. F., Kuhn D. R., "A Role Based Access Control Model and Reference Implementation within a Corporate Intranet", ACM Transactions on Information and System Security, Volume 2, Number 1, February 1999. Google ScholarDigital Library
- GIU96.Giuri L., Iglio P., "A Formal Model For Role- Based Access Control with Constraints", in Proceedings of 9~' IEEE Computer Security Foundation Workshop, County Kerry, Ireland, June 10-12, 1996. Google ScholarDigital Library
- GIU98a.Giuri L., "An extension of the SQL/3 security model for a better support of role-based access control", Document ISO/IEC JTCI/SC21 WG3/DBL, n. CWB013, f tp : / / j erry. ece. umassd, edu/isowg3/db i/CWBdoc s/cwb0 13 .pdf.Google Scholar
- GIU98b.Giuri L., "Role-Based Access Control in Java", in Proceedings of Third ACM Workshop on Role-Based Access Control, ACM Press, 1998. Google ScholarDigital Library
- GON98.Gong L., "JavaTM Security Architecture (JDK 1.2)", draft document (revision 0.8), Sun Microsystems Inc., March 9, 1998.Google Scholar
- JAA99.Java Authentication and Authorization Service, http: //www. javasoft, com/security/jaas/.Google Scholar
- JAE95.Jaeger T., Prakasb A., "Requirements of Rolebased Access Control for Collaborative Systems", in Proceedings of First ACM Workshop on Role-Based Access Control, ACM Press, 1996 Google ScholarDigital Library
- MAR97.Martin D. M., Rajagopalan S., Rubin A. D., "Blocking Java Applets at the Firewall", in Proceedings of IEEE Symposium on Network and Distributed System Security, IEEE Computer Society Press, 1997. Google ScholarDigital Library
- MCG97.McGraw G., Felten W. F., Java Security: Hostile Applets, Holes and Antidotes, Jon Wiley & Sons, 1997. Google ScholarDigital Library
- MEH98.Mehta N., "Expanding and Extending the Security Features of Java", 7th USENIX Security Symposium Proceedings, San Antonio (Texas), Jan 1998. Google ScholarDigital Library
- SAN96.Sandhu R. S., Coyne E. J., Feinstein H., Youman C. E., "Role-Based Access Control Models", ACM Computer, Vol. 29, No. 2, February 1996. Google ScholarDigital Library
- SER99.Java Servlet API, http: //www. javasoft, corn /products / servlet /Google Scholar
- SQL99.Jim Melton (ed.), "ISO Final Draft International Standard (FDIS) Database Language SQL- Part 2: Foundation (S QL/Foundation)", ISO/IEC JTCltSC32 N00223Google Scholar
- WAL97.Wallach D. S., Balfanz D., Dean D., Felten E. W., "Extensible Security Architectures for Java", in Proceedings of 16'h Symposium on Operating System Principles, Saint-Malo, France, October 1997. Google ScholarDigital Library
- WAL98.Wallach D. S., Felten E. W., "Understanding Java Stack Inspection", in Proceedings of 1998 IEEE Symposium on Security and Privacy, Oakland, CA, May 1998.Google Scholar
- WAL99.Wallach D. S., "A New Approach to Mobile Code Security", Ph.D. dissertation, January 1999. Google ScholarDigital Library
Index Terms
- Role-based access control on the Web using Java
Recommendations
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Delegation in role-based access control
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Role-Based Access Control Models
Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ...
Comments