![[img]](https://epub.uni-regensburg.de/style/images/fileicons/application_pdf.png) | Download ( PDF | 421kB) Nur für Mitarbeiter des Archivs |
Authrule: A Generic Rule-Based Authorization Module
Busch, Sönke, Muschall, Björn, Pernul, Günther und Priebe, Torsten (2006) Authrule: A Generic Rule-Based Authorization Module. In: Data and Applications Security XX: proceedings / 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31 - August 2, 2006. Lecture Notes in Computer Science, 4127. Springer, Berlin, S. 267-281. ISBN 978-3-540-36799-4; 978-3-540-36796-3.Veröffentlichungsdatum dieses Volltextes: 05 Aug 2009 13:23
Buchkapitel
DOI zum Zitieren dieses Dokuments: 10.5283/epub.430
Zusammenfassung
As part of the access control process an authorization decision needs to be taken based on a certain authorization model. Depending on the environment different models are applicable (e.g., RBAC in organizations, MAC in the military field). An authorization model contains all necessary elements needed for the decision (e.g., subjects, objects, and roles) as well as their relations. As these ...
As part of the access control process an authorization decision needs to be taken based on a certain authorization model. Depending on the environment different models are applicable (e.g., RBAC in organizations, MAC in the military field). An authorization model contains all necessary elements needed for the decision (e.g., subjects, objects, and roles) as well as their relations. As these elements are usually inherent in the software architecture of an access control module, such modules limit themselves to the use of a certain specific authorization model. A later change of the model consequently results in a substantial effort for revising the software architecture of the given module. Rule-based systems are well suited to represent authorization models by mapping them to facts and rules, which can be modified in a flexible manner. In this paper
we present a generic authorization module, which can take authorization decisions on the basis of arbitrary models utilizing rule-based technology.
The implementation of the popular RBAC and ABAC (attribute-based access control) models is demonstrated.
Alternative Links zum Volltext
Beteiligte Einrichtungen
Details
| Dokumentenart | Buchkapitel | ||||
| ISBN | 978-3-540-36799-4; 978-3-540-36796-3 | ||||
| Buchtitel: | Data and Applications Security XX: proceedings / 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31 - August 2, 2006 | ||||
|---|---|---|---|---|---|
| Verlag: | Springer | ||||
| Ort der Veröffentlichung: | Berlin | ||||
| Sonstige Reihe: | Lecture Notes in Computer Science | ||||
| Band: | 4127 | ||||
| Seitenbereich: | S. 267-281 | ||||
| Datum | 2006 | ||||
| Institutionen | Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) Informatik und Data Science > Fachbereich Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) | ||||
| Identifikationsnummer |
| ||||
| Dewey-Dezimal-Klassifikation | 300 Sozialwissenschaften > 330 Wirtschaft | ||||
| Status | Veröffentlicht | ||||
| Begutachtet | Ja, diese Version wurde begutachtet | ||||
| An der Universität Regensburg entstanden | Ja | ||||
| Dokumenten-ID | 430 |
Bibliographische Daten exportieren
Nur für Besitzer und Autoren: Kontrollseite des Eintrags
Downloadstatistik
Downloadstatistik