Issue No. 6, November/December 2007 (vol. 5)
pp. 41-49
Ninghui Li , Purdue University
Elisa Bertino , Purdue University
ABSTRACT
Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.
INDEX TERMS
role-based access control, security, authorization management, standards
CITATION
Ninghui Li, Elisa Bertino, "A Critique of the ANSI Standard on Role-Based Access Control", IEEE Security & Privacy, vol.5, no. 6, pp. 41-49, November/December 2007, doi:10.1109/MSP.2007.158