Revocations - a classification

Cited by: 25
Authors
Hagström, A [1 ]
Jajodia, S [1 ]
Parisi-Presicce, F [1 ]
Wijesekera, D [1 ]
Affiliation
[1] George Mason Univ, Ctr Secure Info Syst, Fairfax, VA 22030 USA
Source
14TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS | 2001
DOI
10.1109/CSFW.2001.930135
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
In an ownership-based framework for access control, with the possibility of granting access and administrative rights, chains of granted accesses will form. This is a comprehensive study of the problem of revoking such rights, and of the impact different revocation schemes may have on the chains. Three main revocation characteristics are identified: the extent of the revocation to other grantees (propagation), the effect on other grants to the same grantee (dominance), and the permanence of the negation of rights (resilience). A classification is devised using these three dimensions. The different schemes thus obtained are described, and compared to other models from the literature.
Pages: 44-58
Number of pages: 15