Topic
Access control
About: Access control is a research topic. Over the lifetime, 32601 publications have been published within this topic receiving 475017 citations.
Papers
TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Abstract: Security administration of large systems is complex, but it can be simplified by a role-based access control approach. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC and categorizes different implementations, and discusses the use of RBAC to manage itself.
5,418 citations
20 May 2007
TL;DR: A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented.
Abstract: In several distributed systems a user should only be able to access data if a user possesses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
4,364 citations
TL;DR: Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers.
Abstract: In this article we propose a standard for role-based access control (RBAC). Although RBAC models have received broad support as a generalized approach to access control, and are well recognized for their many advantages in performing large-scale authorization management, no single authoritative definition of RBAC exists today. This lack of a widely accepted model results in uncertainty and confusion about RBAC's utility and meaning. The standard proposed here seeks to resolve this situation by unifying ideas from a base of frequently referenced RBAC models, commercial products, and research prototypes. It is intended to serve as a foundation for product development, evaluation, and procurement specification. Although RBAC continues to evolve as users, researchers, and vendors gain experience with its application, we feel the features and components proposed in this standard represent a fundamental and stable set of mechanisms that may be enhanced by developers in further meeting the needs of their customers. As such, this document does not attempt to standardize RBAC features beyond those that have achieved acceptance in the commercial marketplace and research community, but instead focuses on defining a fundamental and stable set of RBAC components. This standard is organized into the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The reference model defines the scope of features that comprise the standard and provides a consistent vocabulary in support of the specification. The RBAC System and Administrative Functional Specification defines functional requirements for administrative operations and queries for the creation, maintenance, and review of RBAC sets and relations, as well as for specifying system level functionality in support of session attribute management and an access control decision process.
2,529 citations
01 Jan 1996
2,375 citations
Book
23 May 2003
TL;DR: In this paper, the authors provide a standard reference for people working with RFID technology, including electron data carrier architecture and common algorithms for anticollision, and a detailed appendix providing up-to-date information on relevant ISO standards and regulations, including descriptions of ISO 14443 for contactless ticketing and ISO 15693 covering the smartlabel.
Abstract: RFID (Radio Frequency Identification) is used in all areas of automatic data capture allowing contactless identification of objects using RF. With applications ranging from secure internet payment systems to industrial automation and access control, RFID technology solutions are receiving much attention in the research and development departments of large corporations. RFID is a major growth area in auto ID, allowing emergency vehicles to safely trip traffic signals, and providing the technology behind contactless smart cards, "autopiloting" cars, and production automation. Fully revised and updated to include all the latest information on industry standards and applications, this new edition provides a standard reference for people working with RFID technology. Expanded sections explain exactly how RFID systems work, and provide up-to-date information on the development of new tags such as the smart label. This book provides updated coverage of RFID technologies, including electron data carrier architecture and common algorithms for anticollision. It details the latest RFID applications, such as the smartlabel, e-commerce and the electronic purse, document tracking and e-ticketing. It includes a detailed appendix providing up-to-date information on relevant ISO standards and regulations, including descriptions of ISO 14443 for contactless ticketing and ISO 15693 covering the smartlabel. A leading-edge reference for this rapidly evolving technology, this text is of interest to practitioners in auto ID and IT designing RFID products and end-users of RFID technology, computer and electronics engineers in security system development and microchip designers, automation, industrial and transport engineers and materials handling specialists. It is also a valuable resource for graduate level students in electronics and industrial engineering design.
2,233 citations