Abstract
The importance of security-enhancing mechanisms at the kernel level, such as access control, has been increasingly emphasized as the weaknesses and limitations of user-level mechanisms have been revealed. Among the many access controls available, role-based access control (RBAC) is mandatory and supports the separation of duty, in contrast to discretionary access control (DAC). With these advantages, RBAC has been widely implemented at various levels of computing environments, such as the operating system and database management system levels. However, the overheads of supporting all of the RBAC features and flexibility are significant. We designed a fast, simple, and mandatory access control model with some RBAC and DAC characteristics, then implemented a prototype and measured its overheads.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S., Jin, E., Song, Y., Han, S. (2006). Design and Implementation of Fast Access Control That Supports the Separation of Duty. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_17
DOI: https://doi.org/10.1007/11937807_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49608-3
Online ISBN: 978-3-540-49610-6
eBook Packages: Computer Science (R0)