ABSTRACT
Scope: a variety of things are expressed under the heading of access control: permission assignments, constraints, activations, transition, hierarchies, ect. What things really need to be expressed?Concepts: What modeling concepts are available to express these things? Where are we in understanding the usability of these models?Complexity-flexibility tradeoff: How do we make trade-offs between the flexibility of expression (expressive power) and applying more usable concepts? Can this be measured?Domain specificity: Improving ease of use often involves increasing the level of the specification using domain-specific techniques. What techniques are possible? How can we compare teh effectiveness of these techniques?Composition: How can the modularity of access control policies be leveraged? Is there any modularity?Completeness: How do we integrate access control effectively with support for audit and intrusion detection?
Index Terms
Making access control more usable
Recommendations
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Delegation in role-based access control
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Practical Role-Based Access Control
This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure ...
Comments