• DocumentCode
    1565394
  • Title

    Policy contexts: controlling information flow in parameterised RBAC

  • Author

    Belokosztolszki, András ; Eyers, David M. ; Moody, Ken

  • Author_Institution
    Comput. Lab., Cambridge Univ., UK
  • fYear
    2003
  • Firstpage
    99
  • Lastpage
    110
  • Abstract
    Many RBAC models have augmented the fundamental requirement of a role abstraction with features such as parameterised roles and environment-aware policy. We examine the potential for unintentional leakage of information during RBAC policy enforcement, either through the exchange of parameters with external services when checking environmental conditions, or through a policy design which does not appropriately separate policy subsections with different basic purposes. We propose a simple, robust mechanism for handling these problems, and illustrate our approach with a current application of our OASIS RBAC system.
  • Keywords
    XML; authorisation; formal specification; OASIS RBAC system; environment-aware policy; environmental condition checking; information flow control; information leakage; parameter exchange; parameterised RBAC; parameterised role; policy context; policy design; policy enforcement; policy subsection separation; role abstraction; role-based access control; Access control; Authorization; Conferences; Control systems; Environmental factors; Humans; Mirrors; Performance analysis; Robust control; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on
  • Print_ISBN
    0-7695-1933-4
  • Type

    conf

  • DOI
    10.1109/POLICY.2003.1206964
  • Filename
    1206964
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1565394