A temporarily-spatially constrained model based on TRBAC (Task-Role Based Access Control) is proposed in workflow system. Temporary and spatial Constraint is that user is not only constrained by temporality, but also constrained by spatiality when user executes the task. The model suggests that a property of security level should be increased in task. The newly increased property can make the w...

The secure interaction between two or more administrative domains is a major concern. We examine the issues of secure interoperability between two security domains operating under the Role Based Access Control (RBAC) Model. We propose a model that quickly establishes a exible policy for dynamic role translation. The role hierarchies of the local and foreign domains can be manipulated through ou...

This paper describes a corrected and simplified specification of role-based access control (RBAC) based on the specification in the ANSI standard for RBAC. We give a complete specification of core RBAC, explaining the methodology we used in developing it; we then give a complete specification of hierarchical RBAC, with an additional option for managing the relationship on roles; and we also des...

The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...

Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...

Since its formalization RBAC has become the yardstick for the evaluation of access control formalisms. In order to meet organizational needs, it has been extended along several directions: delegation, separation of duty, history-based access control, etc. We propose in this paper an access control language in which RBAC and all the above-listed extensions can be encoded. In contrast with Cassan...

We consider the safety problem for Administrative RoleBased Access Control (ARBAC) policies, i.e. detecting whether sequences of administrative actions can result in policies by which a user can acquire permissions that may compromise some security goals. In particular, we are interested in sequences of safety problems generated by modifications (namely, adding/deleting an element to/from the s...

We demonstrate how one can use the formal concept analysis (FCA) to obtain the role hierarchy for the role based access control from the existing access control matrix. We also discuss assesed by means of FCA the quality of security system and finding users with excess permissions.

*) This work is supported by European ESPRIT III, project Nr. 8629. Abstract The paper describes authorization and access control in the IRO-DB database system, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative discretionary access control policy which supports positive, negative, as well as im...

Access control is important for protecting information integrity in workflow management system (WfMS). Compared to conventional access control technology such as discretionary, mandatory, and role-based access control models, task-role-based access control (TRBAC) model, an access control model based on both tasks and roles, meets more requirements for modern enterprise environments. However, f...