Abstract
This paper analyzes the base model of role-based access control, specifically the risks in developing an information-secure computational system. When developing the plan for the “cost-risk” analysis, the area of application should be identified on the basis of documents and of detailed knowledge of the given model of information security and software means. The requirements for role-based security models are defined.
Additional information
Original Russian Text © M.V. Shakhanova, 2012, published in Avtomatika i Vychislitel’naya Tekhnika, 2012, no. 5, pp. 26–35.
About this article
Cite this article
Shakhanova, M.V. The base model of role-based access control and the “cost-risk” criterion of data processing. Aut. Control Comp. Sci. 46, 200–206 (2012). https://doi.org/10.3103/S0146411612050069
DOI: https://doi.org/10.3103/S0146411612050069