Abstract
This paper presents a policy-based framework for managing access control in distributed heterogeneous systems. The framework is based on the PDP/PEP approach. The PDP (Policy Decision Point) is a network policy server responsible for supplying policy information to network devices and applications. The PEP (Policy Enforcement Point) is the policy client (usually a component of the network device or application) responsible for enforcing the policy. Communication between the PDP and the PEP is implemented with the COPS protocol, defined by the IETF. The COPS (Common Open Policy Service) protocol defines two modes of operation: outsourcing and provisioning. The choice between outsourcing and provisioning is expected to have an important influence on the policy decision time. This paper evaluates the outsourcing model for access control policies based on the RBAC (Role-Based Access Control) model. The paper describes a complete implementation of the PDP/PEP framework and presents the average response time of the PDP under different load conditions.
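As an added illustration (not code from the paper or from the RBPIM project), the following Python sketch models the two COPS modes the abstract contrasts: under outsourcing every request the PEP enforces costs one round trip to the PDP, while under provisioning the PDP hands the RBAC policy to the PEP once and decisions are made locally. The users, roles and permissions are constructed sample data, and the dictionary-based policy layout is an assumption of this example.

```python
# Role hierarchy: a senior role inherits the permissions of the junior roles it dominates.
def active_roles(policy, user):
    roles, stack = set(), list(policy["user_roles"].get(user, ()))
    while stack:
        role = stack.pop()
        if role not in roles:
            roles.add(role)
            stack.extend(policy["role_inherits"].get(role, ()))
    return roles

def permitted(policy, user, operation, target):
    return any((operation, target) in policy["role_perms"].get(r, ())
               for r in active_roles(policy, user))

class PDP:
    """Policy server: decides outsourced requests, or hands out the policy for provisioning."""
    def __init__(self, policy):
        self.policy, self.round_trips = policy, 0
    def decide(self, user, operation, target):
        self.round_trips += 1  # every outsourced request costs one PEP<->PDP exchange
        return permitted(self.policy, user, operation, target)
    def provision(self):
        return self.policy  # sent to the PEP once, before any request arrives

class PEP:
    """Policy client on the device: enforces decisions, remote or local depending on mode."""
    def __init__(self, pdp, mode):
        if mode not in ("outsourcing", "provisioning"):
            raise ValueError(f"unknown COPS mode: {mode}")
        self.pdp, self.mode = pdp, mode
        self.local_policy = pdp.provision() if mode == "provisioning" else None
    def enforce(self, user, operation, target):
        if self.mode == "outsourcing":
            return self.pdp.decide(user, operation, target)
        return permitted(self.local_policy, user, operation, target)

# Constructed sample data: hypothetical users, roles and permissions.
SAMPLE_POLICY = {
    "user_roles": {"alice": {"manager"}, "bob": {"employee"}},
    "role_inherits": {"manager": {"employee"}},
    "role_perms": {"employee": {("read", "report")}, "manager": {("approve", "report")}},
}

def run(mode, requests):
    """Enforce each (user, operation, target) request; return (decisions, PDP round trips)."""
    pdp = PDP(SAMPLE_POLICY)
    pep = PEP(pdp, mode)
    return [pep.enforce(*req) for req in requests], pdp.round_trips
```

Comparing the second element of each `run` result for the same workload shows where the decision latency is paid: per request at the PDP under outsourcing, or once at provisioning time.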
© 2003 Springer-Verlag Berlin Heidelberg
Nabhen, R., Jamhour, E., Maziero, C. (2003). A Policy Based Framework for Access Control. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_5
DOI: https://doi.org/10.1007/978-3-540-39927-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20150-2
Online ISBN: 978-3-540-39927-8