DOI: 10.1145/1229285.1229305

Administration in role-based access control

Published: 20 March 2007

Abstract

Administration of large-scale RBAC systems is a challenging open problem. We propose a principled approach to designing and analyzing administrative models for RBAC. We identify six design requirements for administrative models of RBAC. These design requirements are motivated by three principles for designing security mechanisms: (1) flexibility and scalability, (2) psychological acceptability, and (3) economy of mechanism. We then use these requirements to analyze several approaches to RBAC administration, including ARBAC97 [21, 23, 22], SARBAC [4, 5], and the RBAC system in the Oracle DBMS. Based on these requirements and the lessons learned in analyzing existing approaches, we design UARBAC, a new family of administrative models for RBAC that has significant advantages over existing models.

References

[1] ANSI. American national standard for information technology --- role based access control. ANSI INCITS 359-2004, Feb. 2004.
[2] R. W. Baldwin. Naming and grouping privileges to simplify security management in large databases. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 116--132, May 1990.
[3] J. Crampton. Understanding and developing role-based administrative models. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), pages 158--167, Nov. 2005.
[4] J. Crampton and G. Loizou. Administrative scope and role hierarchy operations. In Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), pages 145--154, June 2002.
[5] J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, 6(2):201--231, May 2003.
[6] D. F. Ferraiolo, R. Chandramouli, G.-J. Ahn, and S. Gavrila. The role control center: Features and case studies. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT 2003), June 2003.
[7] D. F. Ferraiolo, J. A. Cugini, and D. R. Kuhn. Role-based access control (RBAC): Features and motivations. In Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC'95), Dec. 1995.
[8] D. F. Ferraiolo and D. R. Kuhn. Role-based access control. In Proceedings of the 15th National Information Systems Security Conference, 1992.
[9] D. F. Ferraiolo, R. S. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3):224--274, Aug. 2001.
[10] L. Giuri and P. Iglio. Role templates for content-based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC'97), pages 153--159, Nov. 1997.
[11] A. Kern. Advanced features for enterprise-wide role-based access control. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), pages 333--343, Dec. 2002.
[12] A. Kern, A. Schaad, and J. Moffett. An administration concept for the enterprise role-based access control model. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pages 3--11, June 2003.
[13] N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114--130. IEEE Computer Society Press, May 2002.
[14] A. D. Marshall. A financial institution's legacy mainframe access control system in light of the proposed NIST RBAC standard. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), pages 382--390, Dec. 2002.
[15] J. D. Moffett. Control principles and role hierarchies. In Proceedings of the Third ACM Workshop on Role-Based Access Control (RBAC 1998), Oct. 1998.
[16] J. D. Moffett and E. C. Lupu. The uses of role hierarchies in access control. In Proceedings of the Fourth ACM Workshop on Role-Based Access Control (RBAC 1999), Oct. 1999.
[17] NSA. Security Enhanced Linux. http://www.nsa.gov/selinux/.
[18] M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, Feb. 1999.
[19] S. Oh and R. S. Sandhu. A model for role administration using organization structure. In Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002), June 2002.
[20] J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278--1308, Sept. 1975.
[21] R. S. Sandhu and V. Bhamidipati. Role-based administration of user-role assignment: The URA97 model and its Oracle implementation. Journal of Computer Security, 7, 1999.
[22] R. S. Sandhu, V. Bhamidipati, E. Coyne, S. Ganta, and C. Youman. The ARBAC97 model for role-based administration of roles: Preliminary description and outline. In Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC 1997), pages 41--50, Nov. 1997.
[23] R. S. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security, 2(1):105--135, Feb. 1999.
[24] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, Feb. 1996.
[25] R. S. Sandhu and Q. Munawer. The ARBAC99 model for administration of roles. In Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC 1999), pages 229--238, Dec. 1999.
[26] A. Schaad, J. Moffett, and J. Jacob. The role-based access control system of a European bank: A case study and discussion. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001), pages 3--9. ACM Press, 2001.
[27] T. C. Ting. A user-role based data security approach. In C. Landwehr, editor, Database Security: Status and Prospects. Results of the IFIP WG 11.3 Initial Meeting, pages 187--208. North-Holland, 1988.
[28] H. Wang and S. L. Osborn. An administrative model for role graphs. In Proceedings of the 17th Annual IFIP WG 11.3 Working Conference on Database Security, Aug. 2003.
[29] H. F. Wedde and M. Lischka. Cooperative role-based administration. In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pages 21--32. ACM Press, June 2003.
[30] H. F. Wedde and M. Lischka. Modular authorization and administration. ACM Transactions on Information and System Security (TISSEC), 7(3):363--391, Aug. 2004.


Published In

ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security
March 2007, 323 pages
ISBN: 1595935746
DOI: 10.1145/1229285
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Conference

Asia CCS07

Acceptance Rates

ASIACCS '07 paper acceptance rate: 33 of 180 submissions, 18%
Overall acceptance rate: 418 of 2,322 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 14
  • Downloads (last 6 weeks): 0
Reflects downloads up to 17 Feb 2025

Cited By

  • (2024) Checking Temporal Constraints of Events in EBS at Runtime. Cybernetics and Information Technologies, 24(1):82-97. DOI: 10.2478/cait-2024-0005. Online publication date: 23 Mar 2024.
  • (2024) Category-Based Administrative Access Control Policies. ACM Transactions on Privacy and Security, 28(1):1-35. DOI: 10.1145/3698199. Online publication date: 28 Sep 2024.
  • (2024) Leverage Data Security Policies Complexity for Users: An End-to-End Storage Service Management in the Cloud Based on ABAC Attributes. Machine Learning for Networking, pages 199-217. DOI: 10.1007/978-3-031-59933-0_14. Online publication date: 25 May 2024.
  • (2020) Admin-CBAC. Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pages 73-84. DOI: 10.1145/3374664.3375725. Online publication date: 16 Mar 2020.
  • (2020) Role-Based Access Control Models for Android. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pages 179-188. DOI: 10.1109/TPS-ISA50397.2020.00033. Online publication date: Oct 2020.
  • (2020) A Model for the Administration of Access Control in Software Defined Networking using Custom Permissions. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pages 169-178. DOI: 10.1109/TPS-ISA50397.2020.00032. Online publication date: Oct 2020.
  • (2018) Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies. Journal of Computer Security, 26(4):423-458. DOI: 10.3233/JCS-15756. Online publication date: 10 Jul 2018.
  • (2018) Using the graph-theoretic approach to solving the Role Mining problem. 2018 Dynamics of Systems, Mechanisms and Machines (Dynamics), pages 1-5. DOI: 10.1109/Dynamics.2018.8601487. Online publication date: Nov 2018.
  • (2017) AARBAC: Attribute-Based Administration of Role-Based Access Control. 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), pages 126-135. DOI: 10.1109/CIC.2017.00027. Online publication date: Oct 2017.
  • (2017) Role updating in information systems using model checking. Knowledge and Information Systems, 51(1):187-234. DOI: 10.1007/s10115-016-0974-4. Online publication date: 1 Apr 2017.
