Understanding and developing role-based administrative models
Source: Conference on Computer and Communications Security
Proceedings of the 12th ACM conference on Computer and communications security
Alexandria, VA, USA
SESSION: Access control
Pages: 158 - 167
Year of Publication: 2005
ISBN: 1-59593-226-7
Author
Jason Crampton  University of London, England
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 118,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1102120.1102143

ABSTRACT

Access control data structures generally need to evolve over time in order to reflect changes to security policy and personnel. An administrative model defines the rules that control the state changes to an access control model and the data structures that model defines. We present a powerful framework for describing role-based administrative models. It is based on the concept of administrative domains and criteria that control state changes in order to preserve certain features of those domains. We define a number of different sets of criteria, each of which controls the effect of state changes on the set of administrative domains and thereby leads to different role-based administrative models. Using this framework we are able to identify some unexpected connections between the ARBAC97 and RHA administrative models and to compare their respective properties. In doing so we are able to suggest some improvements to both models.

