DocumentCode :
2085114
Title :
Security assurance for an RBAC/MAC security model
Author :
Phillips, Charles E., Jr. ; Demurjian, Steven A. ; Ting, T.C.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., US Mil. Acad., West Point, NY, USA
fYear :
2003
fDate :
18-20 June 2003
Firstpage :
260
Lastpage :
267
Abstract :
Corporations and government agencies rely on inter-operating software artifacts (e.g., legacy, COTS, GOTS, databases, servers, etc.) and client applications, brought together by middleware (e.g., CORBA, JINI, .NET, etc.), supporting unrestricted access to application programmer interfaces, APIs. As part of our ongoing research, we have designed and prototyped a unified role-based/mandatory access control (RBAC/MAC) security model with delegation and enforcement to control access by users (via clients) to the methods of artifact APIs, namely: who (user/client) can invoke which methods of artifact APIs at what times. Underlying our RBAC/MAC framework are security assurance rules, SARs, which provide a confidence level on the attainment of an application's security policy. We focus on the formal underpinnings of our security assurance research, its realization during security policy definition with management tools, and at runtime by the enforcement framework.
Keywords :
authorisation; distributed object management; message authentication; middleware; API; MAC; RBAC; SAR; application programmer interface; client applications; government agency; inter-operating software artifact; management tool; mandatory access control; middleware; role-based access control; security assurance rule; security policy; unrestricted access; Access control; Application software; Data security; Databases; Government; Middleware; Programming profession; Prototypes; Servers; Software prototyping;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
Type :
conf
DOI :
10.1109/SMCSIA.2003.1232431
Filename :
1232431