Design for dynamic user-role-based security

Imtiaz Mohammed, David Dilts

Research output: Contribution to journal › Article

16 Citations (Scopus)

Abstract

Preventing the disclosure, modification or destruction of information in a database has been the subject of considerable recent research (see, for example, [1-3]). While mandatory access control (MAC) assigns security clearance levels (e.g. top secret, secret) to all data for access control, discretionary access control (DAC) assigns privileges to users tailored to their responsibilities within an application. Both of these mechanisms have the fundamental limitation that they are unable to deal with the changing roles of a user (based on the occurrence of an event) within an application. As a result, user-role-based security (URBS) has been proposed [4, 5]. This paper demonstrates how URBS can be used to augment the existing security mechanisms. First the URBS concept, originally proposed for the object-oriented model, is extended to the relational model. Second, the extended model is augmented with the capability to respond to dynamic events. Finally, an integrated method is presented for the design of a dynamic, user-role-based security system.

Original language: English (US)
Pages (from-to): 661-671
Number of pages: 11
Journal: Computers and Security
Volume: 13
Issue number: 8
DOIs: 10.1016/0167-4048(94)90048-5
State: Published - 1994
Externally published: Yes

Fingerprint

Access control
Security systems
event
privilege
responsibility

Keywords

  • Access control
  • Active database security
  • User-role-based security

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Design for dynamic user-role-based security. / Mohammed, Imtiaz; Dilts, David.

In: Computers and Security, Vol. 13, No. 8, 1994, p. 661-671.

Mohammed, Imtiaz ; Dilts, David. / Design for dynamic user-role-based security. In: Computers and Security. 1994 ; Vol. 13, No. 8. pp. 661-671.
@article{c4f2e2921fb340469be93b7a031ad04a,
title = "Design for dynamic user-role-based security",
keywords = "Access control, Active database security, User-role-based security",
author = "Imtiaz Mohammed and David Dilts",
year = "1994",
doi = "10.1016/0167-4048(94)90048-5",
language = "English (US)",
volume = "13",
pages = "661--671",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
number = "8",

}

TY - JOUR

T1 - Design for dynamic user-role-based security

AU - Mohammed, Imtiaz

AU - Dilts, David

PY - 1994

Y1 - 1994

KW - Access control

KW - Active database security

KW - User-role-based security

UR - http://www.scopus.com/inward/record.url?scp=0028715549&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0028715549&partnerID=8YFLogxK

U2 - 10.1016/0167-4048(94)90048-5

DO - 10.1016/0167-4048(94)90048-5

M3 - Article

VL - 13

SP - 661

EP - 671

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

IS - 8

ER -