Rule-Based RBAC with Negative Authorization

A
ACSAC
2004
20th Annual Computer Security Applications Conference (ACSAC'04)
Abstract - Rule-Based RBAC with Negative Authorization

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mohammad A. Al-Kahtani Articles by Ravi Sandhu

20th Annual Computer Security Applications Conference (ACSAC'04)

Tucson, Arizona

December 06-December 10

ISBN: 0-7695-2252-1

	ASCII Text	x
	Mohammad A. Al-Kahtani, Ravi Sandhu, "Rule-Based RBAC with Negative Authorization," Computer Security Applications Conference, Annual, pp. 405-415, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.

	BibTex	x
	@article{ 10.1109/CSAC.2004.32, author = {Mohammad A. Al-Kahtani and Ravi Sandhu}, title = {Rule-Based RBAC with Negative Authorization}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2004}, issn = {1063-9527}, pages = {405-415}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.32}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Rule-Based RBAC with Negative Authorization SN - 1063-9527 SP405 EP415 A1 - Mohammad A. Al-Kahtani, A1 - Ravi Sandhu, PY - 2004 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Mohammad A. Al-Kahtani, Computer Department of Saudi Air Defense

Ravi Sandhu, George Mason University & NSD Security

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.32

RBAC has proven to be a flexible and useful access control model in practice. Rule-Based RBAC family of models was developed based on RBAC to overcome some of its limitations. One particular model of this family, which we call RB-RBAC-ve, introduces the concept of negative authorization to the RBAC arena. This paper provides a more detailed analysis of RB-RBAC-ve. The analysis includes user authorization, conflict among rules, conflict resolution polices, the impact of negative authorization on role hierarchies and enforcement architecture.

Citation:

Mohammad A. Al-Kahtani, Ravi Sandhu, "Rule-Based RBAC with Negative Authorization," acsac, pp.405-415, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.