The NIST model for role-based access control

Sandhu, Ravi; Ferraiolo, David F.; Kühn, Richard

doi:10.1145/344287.344301

Cited by 695 publications

(409 citation statements)

References 15 publications

Supporting

Mentioning

392

Contrasting

Unclassified

Order By: Relevance

“…XACML [13] is an OASIS standard for the specification of access-control policies in XML and is ABAC [23] and RBAC [20] (two of the most successful access-control models) capable. Its flexibility to represent multiple policies for the same system and the fact of counting with a reference implementation, along Fig.…”

Section: Application Scenariosmentioning

confidence: 99%

Model-Driven Extraction and Analysis of Network Security Policies

Martínez

García-Alfaro

Cuppens

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. Unfortunately, discovering such enforced policy is an error-prone and time consuming task that requires low-level and, often, vendor-specific expertise since firewalls may be configured using different languages and conform to a complex network topology. To tackle this problem, we propose a model-driven reverse engineering approach able to extract the security policy implemented by a set of firewalls in a working network, easing the understanding, analysis and evolution of network security policies.

show abstract

Section: Application Scenariosmentioning

confidence: 99%

Model-Driven Extraction and Analysis of Network Security Policies

Martínez

García-Alfaro

Cuppens

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…From the insider threat perspective, data harvesting and masquerading can both result in this type of anomaly. As an example, consider the following two queries to the database described in Table 1 Distinguishing these kinds of queries has received the most attention in the literature (e.g., [14]) especially in the context of masquerade detection and Role Based Access Control (RBAC) [26], where different user roles are associated with different authorizations and privilege levels. An attempt by one user-role to execute a query associated with another role indicates anomalous behavior and a possible attempt at masquerade.…”

Section: A Data-centric Taxonomy Of Query Anomaliesmentioning

confidence: 99%

A Data-Centric Approach to Insider Attack Detection in Database Systems

Mathew

Petropoulos

Ngo

et al. 2010

Lecture Notes in Computer Science

119

View full text Add to dashboard Cite

Abstract. The insider threat against database management systems is a dangerous security problem. Authorized users may abuse legitimate privileges to masquerade as another user or to maliciously harvest data. We propose a new direction to address the problem. We model users' access patterns by profiling the data points that users access, in contrast to analyzing the query expressions in prior approaches. Our data-centric approach is based on the key observation that query syntax alone is a poor discriminator of user intent, which is much better rendered by what is accessed. We present a feature-extraction method to model users' access patterns. Statistical learning algorithms are trained and tested using data from a real Graduate Admission database. Experimental results indicate that the technique is very effective, accurate, and is promising in complementing existing database security solutions. Practical performance issues are also addressed.

show abstract

“…The authors illustrate this by presenting a family of models with varying levels of complexity. More recently, Sandhu et al [15] have proposed the NIST RBAC model, which is an attempt to define a unified standard. The NIST RBAC model is actually a sequence of models, with each subsequent model containing an increased set of capabilities.…”

Section: Access Policiesmentioning

confidence: 99%

Modelling access policies using roles in requirements engineering

Crook

Ince

Nuseibeh

2003

Information and Software Technology

View full text Add to dashboard Cite

Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for eliciting and analysing these types of requirements, because they do not allow complex organisational structures and procedures that underlie policies to be represented adequately. This paper discusses roles and why they are important in the analysis of security. The paper relates roles to organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies. q

show abstract

The NIST model for role-based access control

Cited by 695 publications

References 15 publications

Model-Driven Extraction and Analysis of Network Security Policies

Model-Driven Extraction and Analysis of Network Security Policies

A Data-Centric Approach to Insider Attack Detection in Database Systems

Modelling access policies using roles in requirements engineering

Contact Info

Product

Resources

About