Organization based access control
Top Cited Papers
- 2 March 2004
- proceedings article
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
None of the classical access control models such asDAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rulesrelated to permissions, prohibitions, obligations andrecommendations. This is typically the case of security policies that apply to the health care domain. In this paper, we suggest a new model that providessolutions to specify such contextual security policies.This model, called Organization based access control,is presented using a formal language based on first-order logic.Keywords
This publication has 14 references indexed in Scilit:
- Combining components and policiesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Temporal hierarchies and inheritance semantics for GTRBACPublished by Association for Computing Machinery (ACM) ,2002
- Merging regulations: Analysis of a practical exampleInternational Journal of Intelligent Systems, 2001
- Proposed NIST standard for role-based access controlACM Transactions on Information and System Security, 2001
- A Type/Domain Security Policy for Internet Transmission, Sharing, and Archiving of Medical and Biological DataPublished by Springer Nature ,2001
- TRBACPublished by Association for Computing Machinery (ACM) ,2000
- The ARBAC97 model for role-based administration of rolesACM Transactions on Information and System Security, 1999
- Formal specification for role based access control user/role and role/role relationship managementPublished by Association for Computing Machinery (ACM) ,1998
- Role-based access control modelsComputer, 1996
- Protection in operating systemsCommunications of the ACM, 1976