Design and Implementation of Fast Access Control That Supports the Separation of Duty

Kim, SeongKi; Jin, EunKyung; Song, YoungJin; Han, SangYong

doi:10.1007/11937807_17

SeongKi Kim¹⁹,
EunKyung Jin¹⁹,
YoungJin Song¹⁹ &
…
SangYong Han¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4318))

Included in the following conference series:

International Conference on Information Security and Cryptology

744 Accesses

Abstract

The importance of security-enhancing mechanisms at the kernel level, such as an access control, has been increasingly emphasized as the weaknesses and limitation of mechanisms at the user level have been revealed. Among many access controls available, role based access control (RBAC) is mandatory and supports the separation of duty when compared to discretionary access control (DAC). With these advantages, RBAC has been widely implemented at various levels of computing environments, such as the operating system and database management system levels. However, the overheads for supporting all of the RBAC features and flexibility are significant. We designed a fast, simple, and mandatory access control model with some RBAC and DAC characteristics, then implemented a prototype and measured its overheads.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

National Computer Security Center: A Guide to Understanding Discretionary Access Control in Trusted Systems (December 30, 1987)
Google Scholar
Hitchens, M., Varadharajan, V.: Design and specification of role-based access control policies. IEE Proceedings Software 147(4), 117–129 (2000)
Article Google Scholar
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Article Google Scholar
Loscocco, P.A., Smalley, S.D.: Meeting critical security objectives with security-enhanced Linux. In: Proceedings of the 2001 Ottawa Linux Symposium (July 2001)
Google Scholar
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the Linux operating system. In: Proceedings of the FREENIX Track 2001 USENIX Annual Technical Conference (FREENIX 2001) (June 2001)
Google Scholar
Vance, C., Watson, R.: Security-Enhanced BSD. Technical Report, Rockville, MD (July 9, 2003)
Google Scholar
Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux security modules: General security support for the Linux kernel. In: Proceedings of the 11th USENIX Security Symposium, August 05–09, 2002, pp. 17–31 (2002)
Google Scholar
Oracle Corporation: ORACLE7 Server SQL Language Reference Manual. 778-70-1292 (December 1992)
Google Scholar
Barkley, J.: Comparing simple role-based access control models and access control lists. In: Second ACM Workshop on Role-Based Access Control, pp. 127–132 (1997)
Google Scholar
Koch, M., Mancini, L.V., Parisi-Presicce, F.: A graph-based formalism for RBAC. ACM Transactions on Information and System Security (TISSEC) Archive 5(3), 332–365 (2002)
Article Google Scholar
Ferraiolo, D.F., Cugini, J., Kuhn, D.R.: Role Based Access Control: Features and Motivations. In: Proceedings of The 11th Annual Computer Security Applications Conference, New Orleans, USA, pp. 241–248 (December 1995)
Google Scholar
Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The Flask Security Architecture: System Support for Diverse Security Policies. In: Proceedings of the 8th USENIX Security Symposium, Washington, USA, pp. 123–139 (August 1999)
Google Scholar
Niemi, D.C.: Unixbench 4.1.0, http://www.tux.org/pub/tux/niemi/unixbench
McVoy, L., Staelin, C.: lmbench 2, http://www.bitmover.com/lmbench
Mauro, J., McDougall, R.: Solaris Internals Core Kernel Architecture (2001)
Google Scholar
Samar, V., Lai, C.: Making login services independent of authentication technologies. In: Proceedings of the SunSoft Developer’s Conference (March 1996)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Computer Science and Engineering, Seoul National University, 56-1 Shinlim, Kwanak, Seoul, 151-742, Korea
SeongKi Kim, EunKyung Jin, YoungJin Song & SangYong Han

Authors

SeongKi Kim
View author publications
You can also search for this author in PubMed Google Scholar
EunKyung Jin
View author publications
You can also search for this author in PubMed Google Scholar
YoungJin Song
View author publications
You can also search for this author in PubMed Google Scholar
SangYong Han
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

University College London, UK
Helger Lipmaa
Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA
Moti Yung
SKLOIS Lab, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, P.R. China
Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kim, S., Jin, E., Song, Y., Han, S. (2006). Design and Implementation of Fast Access Control That Supports the Separation of Duty. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_17

Download citation

DOI: https://doi.org/10.1007/11937807_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49608-3
Online ISBN: 978-3-540-49610-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics