Sylvia L. Osborn

Learn More
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various(More)
We describe in more detail than before the reference model for role-based access control introduced by Nyanchama and Osborn, and the role-graph model with its accompanying algorithms, which is one way of implementing role-role relationships. An alternative role insertion algorithm is added, and it is shown how the role creation policies of Fernandez et al.(More)
In this paper we reexamine the interaction between role-based access control and mandatory access control. We examine the question: from the perspect,ive of a given role graph in which the objects have been assigned security classifications, can its roles be assigned to subjects without violating mandai.ory access control rules? A detailed study of the(More)
An algorithm is presented that finds K, the set of all keys for a given set A of attribute names and a given set D[O] of functional dependencies, in time polynomial in 1 A 1, 1 D[O] / and 1 K /. It is shown that the problem of deciding whether or not there is a key having cardinality not greater than a specified integer is NP-complete. It is also shown that(More)
This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic de nitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops(More)
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various(More)
Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e. discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC(More)
Role-based access control provides a very flexible set of mechanisms for managing the access control of a complex system with many users, objects and applications. In our previous research, we have shown how, given a role graph and security labels for objects, one can test whether or not the system satisfies properties for lattice-based access control. In(More)