skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Modeling mandatory access control in role-based security systems

Abstract

This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.

Authors:
;  [1]
  1. Univ. of Western Ontario, London (Canada)
Publication Date:
OSTI Identifier:
457830
Report Number(s):
CONF-9508233-
TRN: 96:005796-0002
Resource Type:
Conference
Resource Relation:
Conference: 9. annual working conference on database security: status and prospects, Rensselaer, NY (United States), 13-15 Aug 1995; Other Information: PBD: 1996; Related Information: Is Part Of Database security IX: Status and prospects; Spooner, D.L.; Demurjian, S.A.; Dobson, J.E. [eds.]; PB: 415 p.
Country of Publication:
United States
Language:
English
Subject:
99 MATHEMATICS, COMPUTERS, INFORMATION SCIENCE, MANAGEMENT, LAW, MISCELLANEOUS; INFORMATION SYSTEMS; SECURITY; DATA BASE MANAGEMENT; PROPRIETARY INFORMATION; SECRECY PROTECTION

Citation Formats

Nyanchama, M., and Osborn, S.. Modeling mandatory access control in role-based security systems. United States: N. p., 1996. Web.
Nyanchama, M., & Osborn, S.. Modeling mandatory access control in role-based security systems. United States.
Nyanchama, M., and Osborn, S.. 1996. "Modeling mandatory access control in role-based security systems". United States. doi:.
@article{osti_457830,
title = {Modeling mandatory access control in role-based security systems},
author = {Nyanchama, M. and Osborn, S.},
abstractNote = {This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = 1996,
month =
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:
  • Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined atmore » least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.« less
  • This paper describes an integrated system which combines Personnel Access and Control, Special Materials Detection, Metal Detection and Explosive Detection units. This combined unit is provided as a package for use in nuclear facilities. Operation procedures, problems and experience are reviewed and discussed. 7 figures.
  • Abstract not provided.
  • The DOE has identified the Lawrence Livermore National Laboratory ARGUS system as the standard entry control system for the DOE Complex. ARGUS integrates several key functions, specifically, badging, entry control, and verification of clearance status. Not all sites need or can afford an ARGUS system. Such sites are therefore limited to commercial equipment which provide ARGUS like features. In this project an alternative way to integrate commercial equipment into an integrated system to include badging, access control, property control, and automated verification of clearance status has been investigated. Such a system would provide smaller sites the same functionality as ismore » provided by ARGUS. Further, it would allow sites to fully participate in the DOE`s concept of Complex wide access control. This multi-year task is comprised of three phases. Phase 1, system requirements and definitions, and phase 2, software and hardware development, were completed during fiscal year 1994. This report covers these two phases and the demonstration system which resulted. Phase three would employ the demonstration system to evaluate system performance, identify operational limits and to integrate additional features. The demonstration system includes a badging station, a database server, a managers workstation, an entry control system, and a property protection system. The functions have been integrated through the use of custom interfaces and operator screens which greatly increase ease of use.« less