Matunda Nyanchama

Learn More
This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic denitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops(More)
We describe in more detail than before the reference model for role-based access control introduced by Nyanchama and Osborn, and the role-graph model with its accompanying algorithms, which is one way of implementing role-role relationships. An alternative role insertion algorithm is added, and it is shown how the role creation policies of Fernandez et al.(More)
This paper examines the concept of role-based protection and, in particular, role organization. From basic role relationships, a model for role organization is developed. The role graph model, its operator semantics based on graph theory and algorithms for role administration are proposed. The role graph model, in our view, presents a very generalized form(More)
In this paper we combined concepts of role-based protection and object oriented (O-O) databases to specify and enforce separation of duty as required for commercial database integrity [5, 23, 24]. Roles essentially <italic>partition</italic> database information into access contexts. Methods (from the O-O world) associated with a database object, also(More)
User role-based protection presents a flexible (hence adaptive) means for enforcing differing ranges of security policies. It can emulate both mandatory and discretionary access control modes of protection. Role-based protection enforces the principle of least privilege, hence minimizing the risk of Trojan horse attacks. This paper offers a glimpse into the(More)
classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage; the copyright notice, the title of the publication, and its date appear; and notice is given that copying is by permission of ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior(More)