ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An approach to engineer and enforce context constraints in an RBAC environment
Full text pdf formatPdf (378 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents
Como, Italy
SESSION: Constraints table of contents
Pages: 65 - 79  
Year of Publication: 2003
ISBN:1-58113-681-1
Authors
Gustaf Neumann  Vienna University of Economics and BA, Austria
Mark Strembeck  Vienna University of Economics and BA, Austria
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 143,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775421
What is a DOI?

ABSTRACT

This paper presents an approach that uses special purpose RBAC constraints to base certain access control decisions on context information. In our approach a context constraint is defined as a dynamic RBAC constraint that checks the actual values of one or more contextual attributes for predefined conditions. If these conditions are satisfied, the corresponding access request can be permitted. Accordingly, a conditional permission is an RBAC permission which is constrained by one or more context constraints. We present an engineering process for context constraints, that is based on goal-oriented requirements engineering techniques, and describe how we extended the design and implementation of an existing RBAC service to enable the enforcement of context constraints. With our approach we aim to preserve the advantages of RBAC, and offer an additional means for the definition and enforcement of fine-grained context-dependent access control policies.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
N. R. Adam , V. Atluri , E. Bertino , E. Ferrari, A Content-Based Authorization Model for Digital Libraries, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.296-315, March 2002  [doi>10.1109/69.991718 ]
2
Gail-Joon Ahn , Ravi Sandhu, Role-based authorization constraints specification, ACM Transactions on Information and System Security (TISSEC), v.3 n.4, p.207-226, Nov. 2000  [doi>10.1145/382912.382913]
 
3
Annie I. Anton, Goal-Based Requirements Analysis, Proceedings of the 2nd International Conference on Requirements Engineering (ICRE '96), p.136, April 15-18, 1996
 
4
K. R. Apt , H. A. Blair , A. Walker, Towards a theory of declarative knowledge, Foundations of deductive databases and logic programming, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1988
 
5
Jean Bacon , Michael Lloyd , Ken Moody, Translating Role-Based Access Control Policy within Context, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.107-119, January 29-31, 2001
6
John Barkley , Konstantin Beznosov , Jinny Uppal, Supporting relationships in access control using role based access control, Proceedings of the fourth ACM workshop on Role-based access control, p.55-65, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319177]
7
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344298]
8
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001  [doi>10.1145/501978.501979]
9
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
 
10
J. Clark and S. DeRose. XML Path Language (XPath). http://www.w3.org/TR/xpath, November 1999. W3 Consortium Recommendation.
11
Eve Cohen , Roshan K. Thomas , William Winsborough , Deborah Shands, Models for coalition-based access control (CBAC), Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507727]
12
Michael J. Covington , Wende Long , Srividhya Srinivasan , Anind K. Dev , Mustaque Ahamad , Gregory D. Abowd, Securing context-aware applications using environment roles, Proceedings of the sixth ACM symposium on Access control models and technologies, p.10-20, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373258]
 
13
Anind K. Dey, Understanding and Using Context, Personal and Ubiquitous Computing, v.5 n.1, p.4-7, February 2001  [doi>10.1007/s007790170019 ]
14
Guy Edjlali , Anurag Acharya , Vipin Chaudhary, History-based access control for mobile code, Proceedings of the 5th ACM conference on Computer and communications security, p.38-48, November 02-05, 1998, San Francisco, California, United States  [doi>10.1145/288090.288102]
15
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
 
16
Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
17
Christos K. Georgiadis , Ioannis Mavridis , George Pangalos , Roshan K. Thomas, Flexible team-based access control using contexts, Proceedings of the sixth ACM symposium on Access control models and technologies, p.21-27, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373259]
18
Luigi Giuri , Pietro Iglio, Role templates for content-based access control, Proceedings of the second ACM workshop on Role-based access control, p.153-159, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266773]
19
Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
20
Trent Jaeger , Atul Prakash , Jochen Liedtke , Nayeem Islam, Flexible control of downloaded executable content, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.177-228, May 1999  [doi>10.1145/317087.317091]
21
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
 
22
M. Jarke, X.T. Bui, and J.M. Carroll. Scenario management: An interdisciplinary approach. Requirements Engineering Journal, 3(3/4), 1998.
23
Myong H. Kang , Joon S. Park , Judith N. Froscher, Access control mechanisms for inter-organizational workflow, Proceedings of the sixth ACM symposium on Access control models and technologies, p.66-74, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373266]
 
24
Wooyoung Kim , Sven Graupner , Akhil Sahai , Dmitry Lenkov , Chetan Chudasama , Samuel Whedbee , Yuhua Luo , Bharati Desai , Howard Mullings , Pui Wong, Web E-Speak: Facilitating Web-Based E-Services, IEEE MultiMedia, v.9 n.1, p.43-55, January 2002  [doi>10.1109/93.978353 ]
25
Gustaf Neumann , Mark Strembeck, Design and implementation of a flexible RBAC-service in an object-oriented scripting language, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.501992]
26
Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507717]
 
27
G. Neumann and U. Zdun. XOTcl, an Object-Oriented Scripting Language. In Proc. of Tcl2k: 7th USENIX Tcl/Tk Conference, February 2000.
 
28
U. Nitsche, R. Holbein, O. Morger, and S. Teufel. Realization of a Context-Dependent Access Control Mechanism on a Commercial Platform. In Proc. of the 14th International Information Security Conference (IFIP/SEC), September 1998.
 
29
John K. Ousterhout, Tcl and the Tk toolkit, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1994
30
Charles E. Phillips, Jr. , T.C. Ting , Steven A. Demurjian, Information sharing and security in dynamic coalitions, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507726]
 
31
Colette Rolland , Georges Grosz , Régis Kla, Experience with Goal-Scenario Coupling in Requirements Engineering, Proceedings of the 4th IEEE International Symposium on Requirements Engineering, p.74, June 07-11, 1999
 
32
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845 ]
 
33
A. Schmidt, M. Beigl, and H.W. Gellersen. There is more to context than location. Computers & Graphics, Elsevier, 23(6), December 1999.
34
Roshan K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, p.13-19, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266748]
 
35
Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
 
36
Axel van Lamsweerde, Goal-Oriented Requirements Engineering: A Guided Tour, Proceedings of the 5th IEEE International Symposium on Requirements Engineering, p.249, August 27-31, 2001
 
37
Axel van Lamsweerde , Emmanuel Letier, Handling Obstacles in Goal-Oriented Requirements Engineering, IEEE Transactions on Software Engineering, v.26 n.10, p.978-1005, October 2000  [doi>10.1109/32.879820 ]
38
Weigang Wang, Team-and-role-based organizational context and access control for cooperative hypermedia environments, Proceedings of the tenth ACM Conference on Hypertext and hypermedia : returning to our diverse roots: returning to our diverse roots, p.37-46, February 21-25, 1999, Darmstadt, Germany  [doi>10.1145/294469.294480]
 
39
M. Weiser. The Computer for the 21st Century. Scientific American, 265(3), September 1991.
40
Mark Weiser, Some computer science issues in ubiquitous computing, Communications of the ACM, v.36 n.7, p.75-84, July 1993  [doi>10.1145/159544.159617]
41
Walt Yao , Ken Moody , Jean Bacon, A model of OASIS role-based access control and its support for active security, Proceedings of the sixth ACM symposium on Access control models and technologies, p.171-181, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373294]

CITED BY  6
Li Yang , Raimund K. Ege , Huiqun Yu, Mediation security specification and enforcement for heterogeneous databases, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Xuhui Ao , Naftaly H. Minsky, On the role of roles: from role-based to role-sensitive access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
H. F. Wedde , Mario Lischka, Role-based access control in ambient and remote space, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
 
James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005
Susanne Guth , Gustaf Neumann , Mark Strembeck, Experiences with the enforcement of access rights extracted from ODRL-based digital contracts, Proceedings of the 3rd ACM workshop on Digital rights management, October 27-27, 2003, Washington, DC, USA
 
Uwe Zdun , Mark Strembeck , Gustaf Neumann, Object-based and class-based composition of transitive mixins, Information and Software Technology, v.49 n.8, p.871-891, August, 2007

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
          Subjects: Elicitation methods (e.g., rapid prototyping, interviews, JAD)

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
          Subjects: Methodologies (e.g., object-oriented, structured)
      D.2.9 Management
          Subjects: Software process models (e.g., CMM, ISO, PSP); Life cycle
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Design, Management, Security

Collaborative Colleagues:
Gustaf Neumann: colleagues
Mark Strembeck: colleagues

Peer to Peer - Readers of this Article have also read:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player