Article

Mobile-driven architecture for managing enterprise security policies

Authors:
William Claycomb

New Mexico Tech, Socorro, NM

New Mexico Tech, Socorro, NM
View Profile

,
Dongwan Shin

New Mexico Tech, Socorro, NM

New Mexico Tech, Socorro, NM
View Profile

ACM-SE 44: Proceedings of the 44th annual Southeast regional conferenceMarch 2006Pages 555–559https://doi.org/10.1145/1185448.1185569

Published:10 March 2006Publication History

ACM-SE 44: Proceedings of the 44th annual Southeast regional conference

Pages 555–559

ABSTRACT

Authentication, access control, and audit (3As) are three fundamental mechanisms in enterprise security management for countering various types of looming threats from both insiders and outsiders. There has been a variety of web-based or desktop systems implementing those mechanisms, but little supports the applicability of mobile devices in their security management. In this paper we present an approach to managing various types of enterprise security policies using mobile devices in order to effectively monitor and defend trusted domains. Specifically, we describe a security architecture for designing and implementing a mobile-enabled solution for enterprise security management, whereby various benefits such as the backup of important security policies or credentials, offline administration, immediate response, and monitoring, can be achieved. We also present a proof-of-concept implementation using Microsoft Active Directory.

References

J. Bacon, K. Moody, and W. Yao. Access control and trust in the use of widely distributed services. Softw. Pract. Exper., 33(4):375--394, 2003. Google ScholarDigital Library
M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis. The KeyNote trust-management system version 2. RFC 2704, September 1999. Google ScholarDigital Library
Distributed Management Task Force, Inc. Common Information Model (CIM)-Infrastructure Specification, version 2.3, 2004.Google Scholar
Gartner. Extranet Access Management Magic Quadrant, Gartner Research Note (ID: M-13-6853), May 2001.Google Scholar
ITU. ITU-T RECOMMENDATION T.128SHARE-APPLICATION SHARING, 1997. ITU-T Q3/16.Google Scholar
ITU. ITU-T Recommendation X.509. Information Technology: Open Systems Interconnection - The Directory: Public-Key And Attribute Certificate Frameworks, 2000. ISO/IEC 9594--8.Google Scholar
S. Kandala and R. Sandhu. Secure role-based workflow models. In Proceedings of the fifteenth annual working conference on Database and application security, Norwell, MA, USA, 2002. Kluwer Academic Publishers. Google ScholarDigital Library
A. Kern, M. Kuhlmann, A. Schaad, and J. Moffett. Observations on the role life-cycle in the context of enterprise security management. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, Monterey, CA, June 2002. Google ScholarDigital Library
G. Neumann and M. Strembeck. A scenario-driven role engineering process for functional RBAC roles. In Proceedings of 7th ACM Symposium on Access Control Models and Technologies, Monterey, CA, June 2002. Google ScholarDigital Library
R. L. Rivest and B. Lampson. SDSI - a simple distributed security infrastructure. Technical report, September 1996.Google Scholar
H. Roeckle, G. Schimpf, and R. Weidinger. Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In Proceedings of 5th ACM Workshop on Role-Based Access Control, Berlin, Germany, July 26-27 2000. Google ScholarDigital Library
RSA Security. RSA ClearTrust Advanced User Management Module, 2004.Google Scholar
R. Sandhu. Engineering authority and trust in cyberspace: the om-am and rbac way. In Proceedings of 5th ACM Workshop on Role-Based Access Control, pages 71--76, Berlin, Germany, July 26-27 2000. ACM. Google ScholarDigital Library
D. Shin and G.-J. Ahn. A role-based infrastructure management system: Design and implementation. Concurrency and Computation: Practice and Experience, 16(11), August 2004. Google ScholarDigital Library
D. Shin, G.-J. Ahn, S. Cho, and S. Jin. On modeling system-centric information for role engineering. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2-3 2003. Google ScholarDigital Library

Index Terms

Mobile-driven architecture for managing enterprise security policies
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Specification and validation of enterprise information security policies
CUBE '12: Proceedings of the CUBE International Information Technology Conference

An enterprise is composed of assets and their inter-relationships. These inter-relationships are manifested in the connection of hardware assets in network architecture, or in the installation of software or information assets in hardware. Policies are ...
Read More
Security framework for home network: authentication, authorization, and security policy
PAKDD'07: Proceedings of the 2007 international conference on Emerging technologies in knowledge discovery and data mining

As a number of home network services are available and home network is expanding into ubiquitous computing environment, we need to protect home network system from illegal accesses and a variety of threats. Home network is exposed to various cyber ...
Read More
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ACM-SE 44: Proceedings of the 44th annual Southeast regional conference
March 2006
823 pages
ISBN:1595933158
DOI:10.1145/1185448
General Chair:
Ronaldo Menezes
Florida Institute of Technology
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 March 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
audit
authentication
enterprise security management
mobile solution
security policy
Qualifiers
- Article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 644
  Total Downloads
- Downloads (Last 12 months)4
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Mobile-driven architecture for managing enterprise security policies

ACM-SE 44: Proceedings of the 44th annual Southeast regional conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Specification and validation of enterprise information security policies

Security framework for home network: authentication, authorization, and security policy

An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security