Modeling mandatory access control in role-based security systems
- Univ. of Western Ontario, London (Canada)
This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.
- OSTI ID:
- 457830
- Report Number(s):
- CONF-9508233-; TRN: 96:005796-0002
- Resource Relation:
- Conference: 9. annual working conference on database security: status and prospects, Rensselaer, NY (United States), 13-15 Aug 1995; Other Information: PBD: 1996; Related Information: Is Part Of Database security IX: Status and prospects; Spooner, D.L.; Demurjian, S.A.; Dobson, J.E. [eds.]; PB: 415 p.
- Country of Publication:
- United States
- Language:
- English
Similar Records
Enhancing Physical Layer Security for NOMA Transmission in mmWave Drone Networks
Physical Layer Security for mmWave Drone Links with NOMA