Abstract
This paper investigates the advantages of enabling object classification in role-based access control (RBAC). First, it is shown how the merits of the RBAC models can be ascribed to its using of abstraction and state of dependencies. Following same arguments, it is shown how inclusion of object classification will ameliorate dependencies and abstractions in the model. The discussion contains examining seven criteria to compare object-classification-enabled RBAC with plain RBAC and trivial-permission-assignment models, in order to show the advantages of object classification in a more formal manner. The criteria are: number and complexity of decisions, change management cost, risk of errors, policy portability and reuse, enforcement and compliance, support for traditional information classification policies, and object grouping and management support.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
American National Standards Institute: American National Standard for Information Technology, Role Based Access Control, ANSI/INCITS 359 (2004)
Bell, D.E., Lapadula, L.J.: Secure Computer Systems: Mathematical Foundations, Mitre Corp., Bedford, MA, Technical Report ESD-TR-73-278 (1973)
Covington, M.J., Moyer, M.J., Ahamad, M.: Generalized Role-Based Access Control for Securing Future Applications. In: Proceedings of 23rd National Information Systems Security Conference, Baltimore, MD, October 2000 (2000)
Damiani, Ernesto, Vimercati, De Capitani Di, S., Paraboschi, Stefano, Samarati, Pierangela.: Design and Implementation of an Access Control Processor for XML Documents. In: Proceedings of the 9th International World Wide Web Conference on Computer Networks: the International Journal of Computer and Telecommunications Networking, pp. 59–75 (2000)
Damiani, Ernesto, Vimercati, De Capitani Di, S., Paraboschi, Stefano, Samarati, Pierangela.: A Fine-Grained Access Control System For XML Documents. ACM Transactions on Information and System Security 5(2), 169–202 (2002)
Ferraiolo, D.F., Kuhn, R.: Role-Based Access Control. In: Proceedings of the 15th NIST-NSA National Computer Security Conference, Baltimore, Maryland, October 1992, pp. 554–563 (1992)
Ferraiolo, D.F., Cugini, J.A., Kuhn, D.R.: Role-Based Access Control: Features and Motivations. In: Proceedings of the 11th Annual Computer Security Applications, New Orleans, LA, December 1995, pp. 241–248 (1995)
Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A Role-Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
Ferraiolo, D.F., Sandhu, Ravi, Gavrila, Serban, Kuhn, D.R., Chandrmouli, Ramaswamy.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, Ramaswamy.: Role-Based Access Control, Artech House London (2003)
Giuri, Luigi, Iglio, Pietro.: Role Templates For Content-Based Access Control. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 153–159 (1997)
Goh, Cheh, Baldwin, Adrian.: Towards a More Complete Model of Role. In: Proceedings of the Third ACM Workshop on Role-Based Access Control, pp. 55–62 (1998)
Hu, Ferraiolo, V.C., Kuhn, D.F., Rick, D.: Assessment of Access Control Systems, National Institute of Standard Technology, Interagency Report 7316 (2006)
International Standard Organization: Information Technology-Security Techniques-Code of Practice for Information Security Management, ISO/IEC 17799:2005 (2005)
International Standard Organization: Information Technology-Security Techniques- Information Security Management Systems Requirements, ISO/IEC 27001:2005 (2005)
Kumar, Arun, Karnik, Neeran, Chafle, Girish.: Context Sensitivity in Role-Based Access Control. ACM SIGOPS Operating Systems Review 36(3), 53–66 (2002)
Osborn, Sylvia, Sandhu, Ravi, Munawer, Qamar.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Transactions on Information and System Security 3(2), 85–106 (2000)
Roeckle, Haio, Schimpf, Gerhard, Weidinger, Rupert.: Process-Oriented Approach for Role-Finding to Implement Role-Based Security Administration in a Large Industrial Organization. In: Proceedings of the Fifth ACM Workshop on Role-based Access Control, pp. 103-110 (2000)
Sandhu, Ravi, Coyne, Edward. J., Feinstein, Hal, L., Youman, Charles, E.: Role-Based Access Control: A Multi-Dimensional View. In: Proceedings of 10th Annual Computer Security Applications Conference, December 1994, Orlando, Florida, pp. 54–62 (1994)
Sandhu, Ravi, Coynek, Edward, J., Feinsteink, Hal, L., Youmank, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Schaad, Andreas, Moffett, Jonathan, Jacob, Jeremy.: The Role-Based Access Control System of a European Bank: a Case Study and Discussion. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 3–9 (2001)
Thomas, R.K.: Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 13–19 (1997)
Al-Kahtani, M.A., Sandhu, R.: Induced Role Hierarchies with Attribute-Based RBAC. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 142–148 (2003)
Chae, J.: Towards Modal Logic Formalization of the Role-based Access Control with Object Classes. In: FORTE 2007. LNCS, vol. 4574, pp. 97–111. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jafari, M., Fathian, M. (2007). Management Advantages of Object Classification in Role-Based Access Control (RBAC). In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-76929-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3
eBook Packages: Computer ScienceComputer Science (R0)