Managing role/permission relationships using object access types

Barkley, John; Cincotta, Anthony

doi:10.1145/286884.286901

Cited by 16 publications

(9 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We can see in figure 1.b, the kernel security layer in trusted operating system may comprise DAC, MAC, Least Privilege, auditing, or any more number of extra security features [5] [10]. features as we are using the trusted operating system for the same.…”

Section: Architecturementioning

confidence: 99%

Forward Engineering based Implementation of TOS in Social Networking

Pathak¹,

Sharma²,

Singh³

2014

IJCA

View full text Add to dashboard Cite

The present generation of youth begins the day with the Facebook or other social website. Hundreds of millions of people all over the world make use of social websites, Internet portals, blogs, Wikis, etc. These sites such as MySpace, Facebook and YouTube have the essential features and equipped with the necessary computing facilities to keep gigantic online communities get going with secure manner. Due to rapid growth of networking, use of social networking sites in day to day life, data sharing, computer security has made a vital part of computer research & development. For maintaining the security in various applications like Ecommerce Online goods and services, Banking, Marketplace services Advertising, Auctions, Comparison shopping, Mobile commerce Payment, Ticketing, An electronic payment system (EPS),Online insurance policy management, we have to use high secured operating systems. In this regard a number of extremely secure operating systems i.e. Trusted Operating Systems like SELinux, Argus, Trusted Solaris, Virtual Vault have been developed by companies such as Argus-Systems Group, Hewlett-Packard, and Sun Microsystems to handle the increasing need of security. Normally, due to high security reason these operating systems are being used in defense. But still these secure operating systems have limited scope in commercial sector and are not popular in corporate due to lower performance; actually this security will come at a cost. In this paper we will propose SPF Model to maintain the balance between security and performance for these operating systems. This SPF model of TOS can be implement for various applications. For implementation of these SPF based trusted operating system we propose object oriented based Code generation i.e. forward engineering i.e. process of generating source code from one or more OO Rational Rose model for web application like social networking. In this research paper we will discuss the issues and UML-based software development solutions for SPF to manage the security, performance and modeling for Social networking sites.As the architecture in Figure 1.b shows, the additional security checks in the kernel will cause Trusted Operating Systems to be slower than traditional operating systems [5]. If we implement the same trusted operating system for web applications like social networking sites, e-commerce sites, job portals, then we get lower performance but more security User Applications Middleware Read(),Write(), Send(),Receive(), Share (), Post (), etc. Kernel Security Checks in ordinary Operating Systems Rest of the Kernel Hardware Part (a) User Applications Middleware Read(),Write(), Send(),Receive(), Share (), Post (), etc.

show abstract

Section: Architecturementioning

confidence: 99%

Forward Engineering based Implementation of TOS in Social Networking

Pathak¹,

Sharma²,

Singh³

2014

IJCA

View full text Add to dashboard Cite

show abstract

“…The task is particularly difficult in that neither documentation nor source code for Windows NT session establishment is public information. Because RBAC/Web for Windows NT only implements [Barkley and Cincotta 1998], was implemented to manage role/permission relationships in the Windows NT environment.…”

Section: Rbac/web For Windows Ntmentioning

confidence: 99%

A role-based access control model and reference implementation within a corporate intranet

Ferraiolo

Barkley

Kuhn

1999

ACM Trans. Inf. Syst. Secur.

329

148

View full text Add to dashboard Cite

This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices.

show abstract

“…Barkley and Cincotta [9] have addressed this problem by developing a tool for administering the association between roles and permissions using the concept of objects that encapsulate transactions and the data used by these transactions. Their tool allows management of the association of objects with roles.…”

Section: Role-target Associationsmentioning

confidence: 99%

“…However as pointed out by Barkley and Cincotta [9] in their discussion of managing role-permission relationships using object access types, the literature on rolepermission relationships is still sparse. Our own research (discussed in the following section) on the working of large-scale financial institutions had made us conscious of the context sensitivity of the access privileges in such enterprises.…”

Section: Introductionmentioning

confidence: 99%

Structured management of role-permission relationships

Perwaiz

2001

Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

This paper describes a structured approach to managing Rolepermission relationships for implementing RBAC in large decentralized organizations. The paper begins by outlining the rationale behind this design followed by the description of its two main features. We show how the use of logical objectives (as opposed to physical objects) as targets of permissions can improve ease of use and accuracy of the administration process. We also describe a mechanism for viewing role-permission relationships in the context of organizational structures, which provides an opportunity for bringing about qualitative improvement in RABC implementation. We conclude by summing up the scope and limitations of our approach.

show abstract

Managing role/permission relationships using object access types

Abstract: The role metaphor in Role Based Access Control (RBAC) is particularly powerful in its ability to express access policy in terms of the way in which administrators view organizations.

Cited by 16 publications

References 2 publications

Forward Engineering based Implementation of TOS in Social Networking

Forward Engineering based Implementation of TOS in Social Networking

A role-based access control model and reference implementation within a corporate intranet

Structured management of role-permission relationships

Contact Info

Product

Resources

About