Safety and Liveness for an RBAC/MAC Security Model
نویسندگان
چکیده
Our role-based/mandatory access control (RBAC/MAC) security model and enforcement framework for inter-operating legacy, COTS, GOTS, databases, servers, etc., limits: who (user/user role) can invoke which methods (based on value and MAC level) of artifact APIs at what times, and who (user) can delegate which responsibility (user role) at what times. In this chapter, we focus on assurance for the timeframe of access (of a user to a role, of a role to a method, etc.) and the attainment of the Simple Security Property (i.e., a subject cannot read information for which it is not cleared) and Simple Integrity Property (i.e., a subject is limited to writing information at its own level and lower), which together can be used to support safety and liveness.
منابع مشابه
Security Assurance for a Resource-based Rbac/dac/mac Security Model
middle model. These constructs are used to build security assurance rules and authorizations which will be presented in Chapter 5 and provide the basis for our security enforcement framework and prototype (see Chapter 6). The chapter details the design assumptions required to clearly establish the security model environment and security assurance requirements. This chapter concludes with a disc...
متن کاملRole Delegation for a Distributed, Unified RBAC/MAC*
The day-today operations of corporations and government agencies rely on inter-operating legacy, COTs, databases, clients, servers, etc., which are brought together into a distributed environment running middleware (e.g., CORBA, JINI, DCOM, etc.). Both access control and security assurance within these distributed applications is paramount. Of particular concern is the delegation of authority, ...
متن کاملFormal Analysis of Workflow Systems with Security Considerations
Security considerations, such as role-based access control (RBAC) mechanism and separation of duty (SoD) constraints, are important and integral to workflow systems. We propose the use of an equation-based method – the OTS/CafeOBJ method to specify workflow systems with such security considerations, and verify some desired safety and liveness properties of workflow systems. Specifically, a work...
متن کاملIntegrating Access Control into UML for Secure Software Modeling and Analysis
Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and mandatory access control (MAC) that emphasizes the protection of information via security tags are two dominant approaches in this regard. The integration of access ...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کامل