An object-oriented organizational model to support dynamic role-based access control in electronic commerce applications

Cheng, Edward C.

doi:10.1109/hicss.1999.773053

Cited by 11 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The identification and authority component includes verification and authentication techniques associated with verifying users' identities and access rights (Budiarto and Masahiko 2002;Joshi et al 2001;Priem and Butler 2001). The data access control component consists of access control tools and equipment to control information access (Cheng 1999;Ferraiolo et al 2001;Gunter 2000;Zhang and Yang 2003), while the data encryption and decryption component consists of technology that functions to protect sensitive information from unauthorized access (Joshi et al 2001;Twitchell 2004;Velissarios and Santarossa 1999). The data storage and backup component includes backup devices that keep information accessible during system failures or data impairment (Twitchell 2004;Schultz et al 2001;Weill et al 2002).…”

Section: Is Security Infrastructure Resourcesmentioning

confidence: 99%

Information systems resources and information security

Chang

Wang

2010

Inf Syst Front

View full text Add to dashboard Cite

Recent studies suggest that the number of information security incidents has increased dramatically and has caused significant economic loss worldwide. Awareness of the significance of information security is evidenced by a rapid increase in information security investments. Despite the fact that information security has taken on a new level of importance, academic research on this subject is still in its infancy. A review of literature indicated that past studies largely took a resource based view, suggesting that organizations invest and develop a variety of IS resources so as to ease potential threats caused by information security breaches. However, the resourcebased perspective as used in previous studies was somewhat limited. Based on and extending from previous work, this study employed the resource-based view as a theoretical lens to examine the role that IS resources play in determining the level of information security. A field study was conducted to test the hypotheses. The results of the model testing show that IT human, relational, and infrastructure resources have significant impacts on information security.

show abstract

Section: Is Security Infrastructure Resourcesmentioning

confidence: 99%

Information systems resources and information security

Chang

Wang

2010

Inf Syst Front

View full text Add to dashboard Cite

show abstract

“…In [7] an object-oriented organizational model, OMM, is presented as an underlying model to support dynamic role definition. In [8] an organization and resource model is presented.…”

Section: Introductionmentioning

confidence: 99%

Integrate Policy based Management and Process based Management -- A New Approach for Workflow Management System

Song

2006

2006 10th International Conference on Computer Supported Cooperative Work in Design

View full text Add to dashboard Cite

Policy based management and process based management are two main management paradigms that are widely used in modern information management systems. To integrate the two paradigms and take the advantages from both, a conceptual framework is presented in this paper. Some key issues to implement the framework are addressed: during build time, policy definitions, translation and mapping among policies and sub-processes, and policy conflict detection and resolution; at run-time, interaction between policy server and workflow engine, policy-enabled component, and policy deployment. A simple example ofresource policy is provided

show abstract

“…More precisely, if a given permission is granted to a given role, then all users that play this role will inherit the given permission. Therefore, it is not possible to specify that a physician is permitted to have a direct access to the patient records, unless he/she is one of the physician's patient [12,13]. Moreover, as mentioned in the previous section, another limit of the RBAC model is that it only enables the administrator to specify permissions.…”

Section: Role Based Access Controlmentioning

confidence: 99%

Organization based access control

Kalam

Baida

Balbiani

et al.

Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks

347

188

View full text Add to dashboard Cite

None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. In this paper, we suggest a new model that provides solutions to specify such contextual security policies. This model, called Organization based access control, is presented using a formal language based on firstorder logic.

show abstract

An object-oriented organizational model to support dynamic role-based access control in electronic commerce applications

Cited by 11 publications

References 19 publications

Information systems resources and information security

Information systems resources and information security

Integrate Policy based Management and Process based Management -- A New Approach for Workflow Management System

Organization based access control

Contact Info

Product

Resources

About