Role-based access control model for protection domain derivation and management

Trent Ray Jaeger, Frederique Giraud, Nayeem Islam, Jochen Liedtke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

We present a role-based access control (RBAC) model for deriving and managing protection domains of dynamically-obtained, remote programs, such as downloaded executable content. These are programs that are obtained from remote sources (e.g., via the web) and executed upon receipt. The protection domains of these programs must be limited to prevent content providers from gaining unauthorized access to the downloading principal's resources. However, it can be difficult to determine the proper, limited protection domain for a program in which downloading principals need to share some of their resources. Current systems usually rely on one of a number of possible principals to specify the content protection domains, but the exclusion of input from other principals limits the flexibility in which protection domains can be derived and managed. In this paper, we describe a RBAC model for deriving protection domains and managing their evolution throughout the execution of the content. This model accounts for the variety of principals that may be involved in domain derivation and how their input is managed. We demonstrate the use of this model to specify a variety of protection domain derivation and management policies.

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Workshop on Role-Based Access Control
Editors Anon
PublisherACM
Pages95-106
Number of pages12
StatePublished - 1997
EventProceedings of the 1997 2nd ACM Workshop on Role-Based Access Control - Fairfax, VA, USA
Duration: Nov 6 1997Nov 7 1997

Other

OtherProceedings of the 1997 2nd ACM Workshop on Role-Based Access Control
CityFairfax, VA, USA
Period11/6/9711/7/97

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'Role-based access control model for protection domain derivation and management'. Together they form a unique fingerprint.

Cite this