POSTER: Security Enhanced Administrative Role Based Access Control Models

Authors:
Rajkumar P.V.

Texas Southern University, Houston, TX, USA

Texas Southern University, Houston, TX, USA
View Profile

,
Ravi Sandhu

University of Texas San Antonio, San Antonio, TX, USA

University of Texas San Antonio, San Antonio, TX, USA
View Profile

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2016Pages 1802–1804https://doi.org/10.1145/2976749.2989068

Published:24 October 2016Publication History

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 1802–1804

ABSTRACT

Administrative rights are more powerful permissions and checking accountability of execution of admin rights is an important security measure. Most of the administrative RBAC models distribute rights to multiple administrators. Though such decentralized security management has difficulties in checking admin accountability, it is more efficient compared to centralized approach, particularly in large organizations. We introduced administrative obligations in ARBAC as a way to improve the accountability of admin users in the decentralized systems. The proposed approach would reduce the potential of security risk and improve accountability of security administrators. As the cloud and mobile applications are becoming integral part of business information systems, ensuring the accountability of admins play a vital role in system security. Obligations are well studied feature in the security literature and adding them into security administration would open up many possibilities for future developments in this direction.

References

E. Bertino, C. Bettini, E. Ferrari, and P. Samarati. Decentralized administration for a temporal access control models. Information Systems, 22(4):223--248, 1997. Google ScholarDigital Library
J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security, 96(2):201--231, May 2003. Google ScholarDigital Library
M. Dekker, J. Crampton, and S. Etalle. RBAC administration in distributed systems. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pages 93--102. ACM, December 2008. Google ScholarDigital Library
K. Irwin, T. Yu, and W. Winsborough. On the modeling and analysis of obligations. In Proceedings of the 13th ACM conference on Computer and communications security, pages 134--143. ACM, November 2006. Google ScholarDigital Library
A. Kern, A. Schaad, and J. Moffett. An administration concept for the enterprise role-based access control model. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pages 3--11. ACM, December 2003. Google ScholarDigital Library
N. Li, H. Chen, and E. Bertino. On practical specification and enforcement of obligations. In Proceedings of the second ACM conference on Data and Application Security and Privacy, pages 71--82. ACM, February 2012. Google ScholarDigital Library
N. Li and Z. Mao. Administration in role-based access control. In Proceedings of the ACM Asia Conference on Computer and Communications Security, pages 127--138. ACM, December 2007. Google ScholarDigital Library
S. Oh, R. Sandhu, and X. Zhang. An effective role administration model using organization structure. ACM Transactions on Information and System Security, 9(2):113--137, May 2006. Google ScholarDigital Library
M. Pontual, O. Chowdhury, W. Winsborough, T. Yu, and K. Irwin. Toward practical authorization-dependent user obligation systems. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pages 180--191. ACM, April 2010. Google ScholarDigital Library
R. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control, 2(1):105--135, February 1999. Google ScholarDigital Library
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, February 1996. Google ScholarDigital Library
R. Sandhu and Q. Munawer. The ARBAC99 model for administration of roles. In Proceedings of 15th Annual Computer Security Applications Conference, pages 229--238. IEEE, December 1999. Google ScholarDigital Library

Index Terms

POSTER: Security Enhanced Administrative Role Based Access Control Models

Recommendations

PBDM: a flexible delegation model in RBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Role-based access control (RBAC) is recognized as an efficient access control model for large organizations. Most organizations have some business rules related to access control policy. Delegation of authority is among these rules. RBDM0 and RDM2000 ...
Read More
A role-based XACML administration and delegation profile and its enforcement architecture
SWS '09: Proceedings of the 2009 ACM workshop on Secure web services

The OASIS technical committee published the XACML v3.0 administration and delegation profile (XACML-Admin) working draft on 16 April 2009 [3] in order to provide policy administration and dynamic delegation services to the XACML runtime. We enhance this ...
Read More
An effective role administration model using organization structure

Role-based access control (RBAC) is a well-accepted model for access control in an enterprise environment. When we apply RBAC model to large enterprises, effective role administration is a major issue. ARBAC97 is a well-known solution for decentralized ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN:9781450341394
DOI:10.1145/2976749
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA
Copyright © 2016 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 October 2016
Check for updates
Author Tags
RBAC
access control
administration
operating system
security
Qualifiers
- poster
Conference

Acceptance Rates
CCS '16 Paper Acceptance Rate137of831submissions,16%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 5
  Total Citations
  View Citations
- 491
  Total Downloads
- Downloads (Last 12 months)59
- Downloads (Last 6 weeks)7
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

POSTER: Security Enhanced Administrative Role Based Access Control Models

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

PBDM: a flexible delegation model in RBAC

A role-based XACML administration and delegation profile and its enforcement architecture

An effective role administration model using organization structure