ABSTRACT
Access control in enterprises is a key research area in computer security because of the unique needs of the target enterprise. As an enterprise typically has large user and resource pools, administering access control under any framework can itself be a daunting task. This work presents X-GTRBAC Admin, an administration model that aims at enabling policy administration within a large enterprise. In particular, it simplifies the process of user-to-role and permission-to-role assignments, and thus allows decentralization of the policy administration tasks. It also allows the domain of authority of the system administrators to be specified, and hence provides a mechanism to distribute administrative authority over multiple domains within the enterprise. The paper also illustrates the applicability of the administrative concepts presented in our framework for enterprise-wide access control.
Index Terms
- X-GTRBAC admin: a decentralized administration model for enterprise wide access control