Authorization and antichains

Authorization and antichains (2002)

Cached

Download Links

by Jason Crampton

Venue:	University of London
Citations:	13 - 2 self

BibTeX

@TECHREPORT{Crampton02authorizationand,
    author = {Jason Crampton},
    title = {Authorization and antichains},
    institution = {University of London},
    year = {2002}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Access control has been an important issue in military systems for many years and is becoming in-creasingly important in commercial systems. There are three important access control paradigms: the Bell-LaPadula model, the protection matrix model and the role-based access control model. Each of these models has its advantages and disadvantages. Partial orders play a significant part in the role-based access control model and are also important in defining the security lattice in the Bell-LaPadula model. The main goal of this thesis is to improve the understanding and specification of access control models through a rigorous mathematical approach. We examine the mathematical foundations of the role-based access control model and conclude that antichains are a fundamental concept in the model. The analytical approach we adopt enables us to identify where improvements in the administration of role-based access control could be made. We then develop a new administrative model for role-based access control based on a novel, mathematical interpretation of encapsulated ranges. We show that this model supports discretionary access control features which have hitherto been difficult to incorporate into role-based access control frameworks.

Citations

944	Lattice-based access control models - Sandhu - 1993
914	On computable numbers, with an application to the Entscheidungsproblem - Turing - 1936
909	Introduction to Lattices and Order - Davey, Priestley - 1990
537	The protection of information in computer systems - Saltzer, Schroeder - 1975
513	Secure computer system: Unified exposition and Multics interpretation - Bell, LaPadula - 1975
477	A lattice model of secure information flow - Denning - 1976
458	Lattice Theory - Birkhoff - 1967
366	Integrity considerations for secure computer systems - Biba - 1977
353	L.J.: Secure computer systems: Mathematical foundations and model - Bell, Padula - 1973
321	Protection in operating systems - Harrison, Ruzzo, et al. - 1976
315	A calculus for access control in distributed systems - Abadi, Burrows, et al. - 1993
300	Proposed NIST Standard for RoleBased Access Control - Ferraiolo, Sandhu, et al. - 2001
266	D.: Role-based access control - Ferraiolo, Kuhn - 1992
238	Formal Languages and Their Relation to Automata - Hopcroft, Ullman - 1969
218	A Course in Universal Algebra - Burris, Sankappanavar - 1981
201	Computers and intractability - Garey, Johnson - 1979
197	Policy driven management for distributed systems - Sloman - 1994
172	A logical language for expressing authorizations - Jajodia, Samarati, et al. - 1997
168	lattice theory - Grätzer - 1978
168	The Art of Computer Programming: Fundamental Algorithms - Knuth - 1997
140	The arbac97 model for role-based administration of roles - Sandhu, Bhamidipati, et al. - 1999
131	Configuring Role-based Access Control to Enforce Mandatory and Discretionary Access Control Policies - Osborn, Sandhu, et al. - 2000
127	The NIST Model for Role-Based Access Control: Towards a Unified Standard - Sandhu, Ferrailo, et al. - 2000
116	Separation of Duty in Role-based Environments - Simon, Zurko - 1997
109	Specification and enforcement of authorization constraints in workflow management systems - Bertino, Ferrari, et al.
108	Role-Based Authorization Constraints Specification - Ahn, Sandhu - 2000
106	A variant of a recursively unsolvable problem - Post - 1946
105	The typed access matrix model - Sandhu - 1992
102	Lattice-based access controls - Sandhu - 1993
101	The Role Graph Model and Conflict of Interest - Nyanchama, Osborn - 1999
100	Genetic Algorithms and Grouping Problems - Falkenauer - 1998
91	Ein satz uber untermengen einer endlichen menge - Sperner - 1928
85	Ponder: A language specifying security and managements policies for distributed systems - Damianou, Dulay, et al. - 2000
77	Generic support for distributed applications - Bacon, Moody, et al.
76	Protection - Lampson - 1971
75	J.J.: Secure computer systems: a mathematical model, MITRE technical report 2547 - Bell, Padula - 1973
73	P.: Protection- principles and practice - Graham, Denning - 1972
70	Role-Based Access Control (RBAC): Features and Motivations - Ferraiolo, Cugini, et al. - 1995
69	Security models - McLean - 1994
67	On the formal definition of separation-of-duty policies and their composition - Gligor, Gavrila, et al. - 1998
66	A linear time algorithm for deciding subject security - Lipton, Snyder - 1977
65	OASIS: Access Control in an Open, Distributed Environment - Hayton, Bacon, et al. - 1998
60	Access rights administration in role-based security systems - Nyanchama, Osborn - 1994
60	Authorizations in distributed systems: A new approach - WOO, S - 1993
55	R.: “Framework for Role-Based Delegation Models - Barka, Sandhu - 2000
52	Introduction to Languages and the Theory of Computation - Martin - 1991
51	The schematic protection model: Its definition and analysis for acyclic attenuating schemes - Sandhu - 1988
49	A Role Based Access Control Model and Reference Implementation within a Corporate Intranet - Ferraiolo, Barkley, et al. - 1999
48	Role Activation Hierarchies - Sandhu
47	Introductory Combinatorics - Brualdi - 2010