ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
RBAC administration in distributed systems
Full text PdfPdf (423 KB)
Source
Symposium on Access Control Models and Technologies archive
Proceedings of the 13th ACM symposium on Access control models and technologies table of contents
Estes Park, CO, USA
SESSION: Access control in distributed environments table of contents
Pages 93-102  
Year of Publication: 2008
ISBN:978-1-60558-129-3
Authors
M.A.C. Dekker  DIES, Twente University, The Netherlands
J. Crampton  Royal Holloway, University of London, United Kingdom
S. Etalle  DIES, Twente University and SEC, Technical University of Eindhoven, The Netherlands
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 205,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1377836.1377852
What is a DOI?

ABSTRACT

Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient adminstration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
RBAC Standard, ANSI INCITS 359-2004, 2004.
 
2
E. Barka , R. Sandhu, Framework for role-based delegation models, Proceedings of the 16th Annual Computer Security Applications Conference, p.168, December 11-15, 2000
 
3
V. Bhamidipati and R. Sandhu. Push architectures for user role assignment. In Proceedings of the 23rd National Information Systems Security Conference (NISSC), pages 89--100, 2000.
 
4
J. Crampton and H. Khambhammettu. Delegation in role-based access control. In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS), LNCS, pages 174--191. Springer, Berlin, 2006.
5
Jason Crampton , George Loizou, Administrative scope: A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.201-231, May 2003  [doi>10.1145/762476.762478]
6
M. A. C. Dekker , J. G. Cederquist , J. Crampton , S. Etalle, Extended privilege inheritance in RBAC, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore  [doi>10.1145/1229285.1229335]
 
7
David F. Ferraiolo , D. Richard Kuhn , Ramaswamy Chandramouli, Role-Based Access Control, Artech House, Inc., Norwood, MA, 2003
 
8
Eric Freudenthal , Tracy Pesin , Lawrence Port , Edward Keenan , Vijay Karamcheti, dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments, Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02), p.411, July 02-05, 2002
9
Axel Kern , Andreas Schaad , Jonathan Moffett, An administration concept for the enterprise role-based access control model, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775414]
 
10
Ninghui Li , Ji-Won Byun , Elisa Bertino, A Critique of the ANSI Standard on Role-Based Access Control, IEEE Security and Privacy, v.5 n.6, p.41-49, November 2007  [doi>10.1109/MSP.2007.158]
11
Ninghui Li , Ziqing Mao, Administration in role-based access control, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore  [doi>10.1145/1229285.1229305]
12
Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management: extended abstract, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA  [doi>10.1145/501983.502005]
 
13
R. L. Rivest and B. Lampson. SDSI -- A simple distributed security infrastructure. Presented at CRYPTO'96 Rump session, 1996.
14
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
15
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
16
Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063991]
 
17
H. Wang and S. L. Osborn. An administrative model for role graphs. In Proceedings of the IFIP TC-11 WG 11.3 Annual Working Conference on Data and Application Security (DBSec), pages 302--315. Kluwer, 2003.
18
Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003  [doi>10.1145/937527.937530]
19
Xinwen Zhang , Sejong Oh , Ravi Sandhu, PBDM: a flexible delegation model in RBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775431]

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security, Theory


Keywords:
RBAC, access control, administration, distributed system

Collaborative Colleagues:
M.A.C. Dekker: colleagues
J. Crampton: colleagues
S. Etalle: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player