Revocations - A classification
- 1 January 2001
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10636900, p. 44-58
- https://doi.org/10.1109/csfw.2001.930135
Abstract
In an ownership-based framework for access control, with the possibility of granting access and administrative rights, chains of granted accesses will form. This is a comprehensive study of the problem of revoking such rights, and on the impact different revocation schemes may have on the chains. Three main revocation characteristics are identified: the extent of the revocation to other grantees (propagation), the effect on other grants to the same grantee (dominance), and the permanence of the negation of rights (resilience). A classification is devised using these three dimensions. The different schemes thus obtained are described, and compared to other models from the literature.
This publication has 9 references indexed in Scilit:
- A logical language for expressing authorizations. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Framework for role-based delegation models. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- Flexible support for multiple access control policies. ACM Transactions on Database Systems, 2001
- An extended authorization model for relational databases. IEEE Transactions on Knowledge and Data Engineering, 1997
- A unified framework for enforcing multiple access control policies. Published by Association for Computing Machinery (ACM), 1997
- A non-timestamped authorization model for data management systems. Published by Association for Computing Machinery (ACM), 1996
- On an authorization mechanism. ACM Transactions on Database Systems, 1978
- An authorization mechanism for a relational database system. ACM Transactions on Database Systems, 1976
- System R. ACM Transactions on Database Systems, 1976