Title :
Policy contexts: controlling information flow in parameterised RBAC
Author :
Belokosztolszki, András ; Eyers, David M. ; Moody, Ken
Author_Institution :
Comput. Lab., Cambridge Univ., UK
Abstract :
Many RBAC models have augmented the fundamental requirement of a role abstraction with features such as parameterised roles and environment-aware policy. We examine the potential for unintentional leakage of information during RBAC policy enforcement, either through the exchange of parameters with external services when checking environmental conditions, or through a policy design which does not appropriately separate policy subsections with different basic purposes. We propose a simple, robust mechanism for handling these problems, and illustrate our approach with a current application of our OASIS RBAC system.
Keywords :
XML; authorisation; formal specification; OASIS RBAC system; environment-aware policy; environmental condition checking; information flow control; information leakage; parameter exchange; parameterised RBAC; parameterised role; policy context; policy design; policy enforcement; policy subsection separation; role abstraction; role-based access control; Access control; Authorization; Conferences; Control systems; Environmental factors; Humans; Mirrors; Performance analysis; Robust control; Security;
Conference_Titel :
Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on
Print_ISBN :
0-7695-1933-4
DOI :
10.1109/POLICY.2003.1206964
