3rd International ICST Symposium on Information Assurance and Security

Research Article

Function-Based Authorization Constraints Specification and Enforcement

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1109/IAS.2007.40,
        author={ Wei  ZhoU and  Christoph  Meinel},
        title={Function-Based Authorization Constraints Specification and Enforcement},
        proceedings={3rd International ICST Symposium on  Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Access control, authorization constraints, constraints enforcement, constraints specification},
        doi={10.1109/IAS.2007.40}
    }
    
  • Wei ZhoU
    Christoph Meinel
    Year: 2007
    Function-Based Authorization Constraints Specification and Enforcement
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.40
Wei ZhoU1,*, Christoph Meinel1,*
  • 1: Hasso-Plattner-Institute University of Potsdam D-14482 Potsdam, Germany
*Contact email: wei.zhou@hpi.uni-potsdam.de, meinel@hpi.uni-potsdam.de

Abstract

Constraints are an important aspect of role-based access control (RBAC) and its different extensions. They are often regarded as one of the principal motivations behind these access control models. In this paper, we introduce two novel authorization constraint specification schemes, named the prohibition constraint scheme and the obligation constraint scheme. Both of them can be used for expressing and enforcing authorization constraints. These schemes are strongly bound to authorization entity set functions and authorization entity relation functions, so they can give system designers a clear view of which functions should be defined in an authorization constraint system. Based on these functions, different kinds of constraint schemes can be easily defined. Security administrators can use these functions to create constraint schemes for their day-to-day operations. The constraint system can be scaled by defining new functions. This approach goes beyond the well-known separation of duty constraints and considers many aspects of entity relation constraints.

Keywords
Access control, authorization constraints, constraints enforcement, constraints specification
Published
2007-09-10
Publisher
IEEE
Modified
2011-08-02
http://dx.doi.org/10.1109/IAS.2007.40
Copyright © 2007–2025 IEEE