ABSTRACT
Authentication, access control, and audit (3As) are three fundamental mechanisms in enterprise security management for countering various types of looming threats from both insiders and outsiders. A variety of web-based and desktop systems implement those mechanisms, but few support the use of mobile devices in security management. In this paper we present an approach to managing various types of enterprise security policies using mobile devices in order to effectively monitor and defend trusted domains. Specifically, we describe a security architecture for designing and implementing a mobile-enabled solution for enterprise security management, whereby various benefits such as the backup of important security policies or credentials, offline administration, immediate response, and monitoring can be achieved. We also present a proof-of-concept implementation using Microsoft Active Directory.