ABSTRACT
Administrative rights are more powerful permissions than ordinary user permissions, and checking accountability for how admin rights are exercised is an important security measure. Most administrative RBAC models distribute administrative rights among multiple administrators. Although such decentralized security management makes it harder to check admin accountability, it is more efficient than a centralized approach, particularly in large organizations. We introduce administrative obligations in ARBAC as a way to improve the accountability of admin users in decentralized systems. The proposed approach reduces the potential for security risk and improves the accountability of security administrators. As cloud and mobile applications become an integral part of business information systems, ensuring the accountability of admins plays a vital role in system security. Obligations are a well-studied feature in the security literature, and adding them to security administration opens up many possibilities for future development in this direction.
POSTER: Security Enhanced Administrative Role Based Access Control Models