Conference: Fifth ACM Workshop on Role-Based Access Control (RBAC 2000) Abstract: This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas...
Abstract: Mars, RC6, Rijndael, Serpent and Twofish were selected as finalists for the Advanced Encryption Standard (AES). To evaluate the finalists’ suitability as random number generators, empirical statistical testing is commonly employed. Although it is widely believed that these five algorithms are indeed ra...
Abstract: A workshop was held at the National Institute of Standards and Technology (NIST) on February 10-11, 2000 to examine public key-based key establishment techniques that are currently available and to discuss the approach to the development of a Key Management Standard for Federal Government use.
Conference: 15th Annual Computer Security Applications Conference, 1999 (ACSAC '99) Abstract: Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent of a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those polici...
Abstract: CSPP provides the guidance necessary to develop compliant Common Criteria protection profiles for near-term, achievable, security baselines using commercial off-the-shelf (COTS) information technology. CSPP accomplishes this purpose by: describing a largely policy-neutral, notional information syst...
Conference: Fourth ACM Workshop on Role-Based Access Control (RBAC '99) Abstract: The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between en...
Conference: 22nd National Information Systems Security Conference Abstract: The Proceedings of the 22nd National Information Systems Security Conference (NISSC), held October 18-21, 1999, in Arlington, Virginia.
Journal: Journal of Research of the National Institute of Standards and Technology Abstract: In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal information in furtherance of NIST’s statutory responsibilities. In 1998, NIST announced the acceptance of 15 c...
Abstract: Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial foray into the relatively unexplored terrain o...
Journal: IEEE Communications Magazine Abstract: Electronic commerce over the Internet is now tens of billions of dollars per year and growing. This article describes how objects used in EC can be located and protected from unauthorized access. It discusses the three kinds of EC: customer interactions with a business, business interactions with ot...
Abstract: One of the criteria used to evaluate the Advanced Encryption Standard candidate algorithms was their demonstrated suitability as random number generators. That is, the evaluation of their output utilizing statistical tests should not provide any means by which to computationally distinguish them fro...
Journal: ACM Transactions on Information and System Security Abstract: This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustme...
Conference: CALS Expo International and 21st Century Commerce 1998: Global Business Solutions for the New Millennium Abstract: Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on their profitability. Enabling customers to an...
Conference: Third ACM Workshop on Role-Based Access Control (RBAC '98) Abstract: Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security systems that implement information flow policies....
Conference: Third ACM Workshop on Role-Based Access Control (RBAC '98) Abstract: The role metaphor in Role Based Access Control (RBAC) is particularly powerful in its ability to express access policy in terms of the way in which administrators view organizations. Much of the effort in providing administrative tools for RBAC has been devoted to tools for associating users with ro...
Conference: 21st National Information Systems Security Conference (NISSC '98) Abstract: This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and Sybase Adaptive Server Release 11.5. We categ...
Conference: 21st National Information Systems Security Conference Abstract: The Proceedings of the 21st National Information Systems Security Conference (NISSC), held October 5-8, 1998, in Arlington, Virginia. CD-ROM: "Early Computer Security Papers (1970-1985)" At NISSC '98, attendees were given a CD that contained papers that are unpublished, seminal work...
Conference: 21st National Information Systems Security Conference (NISSC '98) Abstract: Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. One feature of these models is the notion of a role h...
Conference: Third ACM Workshop on Role-Based Access Control (RBAC '98) Abstract: Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role relationships stored in the RBAC Database. This pa...
Abstract: Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. This report focuses on an RBAC model originally propo...
Abstract: This document supersedes NIST SP 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer security training guidance. This publicat...
Conference: Second ACM Workshop on Role-Based Access Control (RBAC '97) Abstract: The RBAC metaphor is powerful in its ability to express access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models is compared to access control lists (ACL). A very simple RBAC model is shown to be no dif...
Conference: Second ACM Workshop on Role-Based Access Control (RBAC '97) Abstract: Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. Much of RBAC is fundamentally different from multi-level security (MLS) systems, and the properties of RBAC systems have not been explored formally to the extent...
Conference: Second ACM Workshop on Role-Based Access Control (RBAC '97) Abstract: In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today. The purpose o...
Conference: 20th National Information Systems Security Conference Abstract: The Proceedings of the 20th National Information Systems Security Conference (NISSC), held October 7-10, 1997, in Baltimore, Maryland.