Role-based access control model for protection domain derivation and management

Trent Ray Jaeger, Frederique Giraud, Nayeem Islam, Jochen Liedtke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)

Abstract

We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically-obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program in which downloading principals need to share some of their resources. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from other principals limits the flexibility in which protection domains can be derived and managed. In this paper, we describe a RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Workshop on Role-Based Access Control
Editors Anon
PublisherACM
Pages95-106
Number of pages12
StatePublished - 1997
EventProceedings of the 1997 2nd ACM Workshop on Role-Based Access Control - Fairfax, VA, USA
Duration: Nov 6 1997Nov 7 1997

Other

OtherProceedings of the 1997 2nd ACM Workshop on Role-Based Access Control
CityFairfax, VA, USA
Period11/6/9711/7/97

Fingerprint

Access control

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Cite this

Jaeger, T. R., Giraud, F., Islam, N., & Liedtke, J. (1997). Role-based access control model for protection domain derivation and management. In Anon (Ed.), Proceedings of the ACM Workshop on Role-Based Access Control (pp. 95-106). ACM.
Jaeger, Trent Ray ; Giraud, Frederique ; Islam, Nayeem ; Liedtke, Jochen. / Role-based access control model for protection domain derivation and management. Proceedings of the ACM Workshop on Role-Based Access Control. editor / Anon. ACM, 1997. pp. 95-106
@inproceedings{4020494857b04d68985a41084a89aca7,
title = "Role-based access control model for protection domain derivation and management",
abstract = "We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically-obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program in which downloading principals need to share some of their resources. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from other principals limits the flexibility in which protection domains can be derived and managed. In this paper, we describe a RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.",
author = "Jaeger, {Trent Ray} and Frederique Giraud and Nayeem Islam and Jochen Liedtke",
year = "1997",
language = "English (US)",
pages = "95--106",
editor = "Anon",
booktitle = "Proceedings of the ACM Workshop on Role-Based Access Control",
publisher = "ACM",

}

Jaeger, TR, Giraud, F, Islam, N & Liedtke, J 1997, Role-based access control model for protection domain derivation and management. in Anon (ed.), Proceedings of the ACM Workshop on Role-Based Access Control. ACM, pp. 95-106, Proceedings of the 1997 2nd ACM Workshop on Role-Based Access Control, Fairfax, VA, USA, 11/6/97.

Role-based access control model for protection domain derivation and management. / Jaeger, Trent Ray; Giraud, Frederique; Islam, Nayeem; Liedtke, Jochen.

Proceedings of the ACM Workshop on Role-Based Access Control. ed. / Anon. ACM, 1997. p. 95-106.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Role-based access control model for protection domain derivation and management

AU - Jaeger, Trent Ray

AU - Giraud, Frederique

AU - Islam, Nayeem

AU - Liedtke, Jochen

PY - 1997

Y1 - 1997

N2 - We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically-obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program in which downloading principals need to share some of their resources. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from other principals limits the flexibility in which protection domains can be derived and managed. In this paper, we describe a RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.

AB - We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically-obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program in which downloading principals need to share some of their resources. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from other principals limits the flexibility in which protection domains can be derived and managed. In this paper, we describe a RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.

UR - http://www.scopus.com/inward/record.url?scp=0031379041&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0031379041&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0031379041

SP - 95

EP - 106

BT - Proceedings of the ACM Workshop on Role-Based Access Control

A2 - Anon, null

PB - ACM

ER -

Jaeger TR, Giraud F, Islam N, Liedtke J. Role-based access control model for protection domain derivation and management. In Anon, editor, Proceedings of the ACM Workshop on Role-Based Access Control. ACM. 1997. p. 95-106