Entry Barker:2008:SBA from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Barker:2008:SBA,
  author =       "Steve Barker and Marek J. Sergot and Duminda
                 Wijesekera",
  title =        "Status-Based Access Control",
  journal =      j-TISSEC,
  volume =       "12",
  number =       "1",
  pages =        "1:1--1:??",
  month =        oct,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1410234.1410235",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Nov 11 15:54:06 MST 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Despite their widespread adoption, Role-based Access
                 Control (RBAC) models exhibit certain shortcomings that
                 make them less than ideal for deployment in, for
                 example, distributed access control. In the distributed
                 case, standard RBAC assumptions (e.g., of relatively
                 static access policies, managed by human users, with
                 complete information available about users and job
                 functions) do not necessarily apply. Moreover, RBAC is
                 restricted in the sense that it is based on one type of
                 ascribed status, an assignment of a user to a role. In
                 this article, we introduce the status-based access
                 control (SBAC) model for distributed access control.
                 The SBAC model (or family of models) is based on the
                 notion of users having an action status as well as an
                 ascribed status. A user's action status is established,
                 in part, from a history of events that relate to the
                 user; this history enables changing access policy
                 requirements to be naturally accommodated. The approach
                 can be implemented as an autonomous agent that reasons
                 about the events, actions, and a history (of events and
                 actions), which relates to a requester for access to
                 resources, in order to decide whether the requester is
                 permitted the access sought. We define a number of
                 algebras for composing SBAC policies, algebras that
                 exploit the language that we introduce for SBAC policy
                 representation: identification-based logic programs.
                 The SBAC model is richer than RBAC models and the
                 policies that can be represented in our approach are
                 more expressive than the policies admitted by a number
                 of monotonic languages that have been hitherto
                 described for representing distributed access control
                 requirements. Our algebras generalize existing algebras
                 that have been defined for access policy composition.
                 We also describe an approach for the efficient
                 implementation of SBAC policies.",
  acknowledgement = ack-nhfb,
  articleno =    "1",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "algebras; distributed security; logic; status-based
                 access control",
}

Related entries