School of Computing

Obligation for Role Based Access Control

Gansen Zhao, David Chadwick, and Sassa Otenko

In IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS07), pages 182-196, May 2007.

Abstract

Role based access control has been widely used in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or not. One of the potential improvements for role based access control is the augmentation of obligations, where obligations are tasks and requirements to be fulfilled together with the enforcement of authorization decisions. This paper conducts a comprehensive literature review of role based access control and obligation related research, and proposes a design for the augmentation of obligations in the context of the RBAC standard. The design is then further consolidated in the PERMIS RBAC authorization infrastructure. Details of incorporating obligations into the PERMIS RBAC authorization infrastructure are given. This paper also discusses the possible nondeterminism caused by overlapped authorisation.
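The two ideas the abstract raises, a decision that carries obligations rather than a bare permit/deny, and the nondeterminism that appears when a subject's roles overlap on the same permission, can be shown with a small policy evaluator. The following is an added example written for this page; it is not code from the paper or from PERMIS, and the rule format, the role and obligation names, and the `combine` parameter are assumptions chosen for illustration.

```python
"""Toy RBAC decision point with obligations (illustrative, not PERMIS)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One role-permission assignment plus the obligations tied to it."""
    role: str
    action: str
    resource: str
    obligations: tuple  # tasks the enforcement point must carry out with the decision


@dataclass(frozen=True)
class Decision:
    """Authorization result: the verdict and the obligations to enforce with it."""
    permitted: bool
    obligations: frozenset
    matched_rules: tuple


# Constructed sample policy: two roles both grant read access to the same
# resource, but attach different obligations. A subject holding both roles
# is exactly the "overlapped authorisation" case.
POLICY = [
    Rule("clinician", "read", "patient_record", ("log_access",)),
    Rule("researcher", "read", "patient_record", ("anonymise", "log_access")),
]


def evaluate(policy, roles, action, resource, combine="union"):
    """Return a Decision for a subject holding `roles`.

    combine="first": take the obligations of the first matching rule only.
        This is the naive strategy; the result depends on rule ordering,
        so the same request can yield different obligations.
    combine="union": discharge the obligations of every matching rule.
        Order-independent, so the decision is deterministic.
    """
    matches = tuple(
        r for r in policy
        if r.role in roles and r.action == action and r.resource == resource
    )
    if not matches:
        # A deny carries no obligations in this model.
        return Decision(False, frozenset(), ())

    if combine == "first":
        obligations = frozenset(matches[0].obligations)
    elif combine == "union":
        obligations = frozenset(o for r in matches for o in r.obligations)
    else:
        raise ValueError(f"unknown combining strategy: {combine!r}")

    return Decision(True, obligations, matches)


if __name__ == "__main__":
    subject_roles = {"clinician", "researcher"}
    for order_name, policy in (("as written", POLICY),
                               ("reversed", list(reversed(POLICY)))):
        first = evaluate(policy, subject_roles, "read", "patient_record", "first")
        union = evaluate(policy, subject_roles, "read", "patient_record", "union")
        print(f"policy {order_name}: first={sorted(first.obligations)} "
              f"union={sorted(union.obligations)}")
```

Running the block prints two lines: under the first-match strategy the obligations change when the policy order changes, while the union strategy yields the same set either way. Which combination is right is a policy question (a union may over-oblige, a first-match may silently drop an obligation), so the point of the example is only that the combining rule must be chosen explicitly; left implicit, the enforcement point's behaviour follows rule order.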

Download publication 171 kbytes (PDF)

Bibtex Record

@inproceedings{2790,
author = {Gansen Zhao and David Chadwick and Sassa Otenko},
title = {{O}bligation for {R}ole {B}ased {A}ccess {C}ontrol},
month = {May},
year = {2007},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {},
url = {http://www.cs.kent.ac.uk/pubs/2007/2790},
publication_type = {inproceedings},
submission_id = {2061_1218031037},
booktitle = {IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS07)},
}

School of Computing, University of Kent, Canterbury, Kent, CT2 7NF

Enquiries: +44 (0)1227 824180 or contact us.

Last Updated: 21/03/2014