An access control reference architecture

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

An access control reference architecture

Full text

Pdf (342 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 2nd ACM workshop on Computer security architectures table of contents

Alexandria, Virginia, USA

SESSION: Host Security architecture table of contents

Pages: 17-24

Year of Publication: 2008

ISBN:978-1-60558-300-6

Authors

Amir Jerbi	CA Inc., Herzilya, Israel
Ethan Hadar	CA Inc., Herzilya, Israel
Carrie Gates	CA Inc., Islandia, NY, USA
Dmitry Grebenev	CA inc., Islandia, NY, USA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 5, Downloads (12 Months): 116, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456508.1456513 What is a DOI?

ABSTRACT

System administrators typically have unrestricted access to all files and programs on a system, with no enforced principle of least privilege. Additionally, this unrestricted access causes challenges for audit as many different users might have superuser access and the audit trail may not distinguish between the actual users, recording instead all access as being by "superuser". These two issues result in further concerns regarding compliance for those organizations subject to government regulations (such as Sarbanes-Oxley in the United States). In this paper we present a reference architecture for an access control mechanism that addresses this issue by focusing specifically on the control and audit of system administrators. This reference architecture has been implemented and widely deployed. We describe some of its capabilities through a case study.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Stephen R. Band, Dawn M. Cappelli, Lynn F. Fischer, Andrew P. Moore, Eric D. Shaw, and Randall F. Trzeciak. Comparing insider it sabotage and espionage: A model-based analysis. Technical Report CMU/SEI--2006--TR--026, CERT, Carnegie Mellon University, 2006.
	2	D. Elliott Bell and Leonard J. LaPadula. Secure computer systems: Mathematical foundations. Technical Report 2547, MITRE, March 1973.
	3	Dawn Cappelli, Andrew Moore, Timothy J. Shimeall, and Randall Trzeciak. Common sense guide to prevention and detection of insider threats. Technical report, Cylab, Carnegie Mellon University, July 2006.
	4	Jason Crampton, Understanding and developing role-based administrative models, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102143]
	5	Jason Crampton , George Loizou, Administrative scope: A foundation for role-based administrative models, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.201-231, May 2003 [doi>10.1145/762476.762478]
	6	Department of Defense. Department of defense trusted computer system evaluation criteria. Technical Report DoD 5200.28-STD, Department of Defense, December 1985.
	7	Bruce Powell Douglass, Real-Time Design Patterns: Robust Scalable Architecture for Real-Time Systems, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
	8	David Ferraiolo and Richard Kuhn. Role-based access control. In Proceedings of 15th National Computer Security Conference, 1992.
	9	Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
	10	Ethan Hadar , Gabriel M. Silberman, Agile architecture methodology: long term strategy interleaved with short term tactics, Companion to the 23rd ACM SIGPLAN conference on Object oriented programming systems languages and applications, October 19-23, 2008, Nashville, TN, USA [doi>10.1145/1449814.1449816]
	11	Butler W. Lampson. Dynamic protection structures. In Proceedings of AFIPS Conference, pages 27--38, 1969.
	12	Peter A. Loscocco and Stephen D. Smalley. Meeting critical security objectives with security-enhanced linux. In Proceedings of the 2001 Ottawa Linux Symposium, 2001.
	13	Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278--1308, September 1975.
	14	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	15	Ray Spencer , Stephen Smalley , Peter Loscocco , Mike Hibler , David Andersen , Jay Lepreau, The flask security architecture: system support for diverse security policies, Proceedings of the 8th conference on USENIX Security Symposium, p.11-11, August 23-26, 1999, Washington, D.C.
	16	Xiaolan Zhang , Antony Edwards , Trent Jaeger, Using CQUAL for Static Analysis of Authorization Hook Placement, Proceedings of the 11th USENIX Security Symposium, p.33-48, August 05-09, 2002