RBAC administration in distributed systems

Large, distributed access control systems are increasingly common, for example in health care. In such settings the access control policies can become very complex, which makes correct and efficient administration of the access control system difficult. Although RBAC is one of the most widely used access control standards, it does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure that supports the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfils the formal requirements deriving from safety and availability, and we show how it can be translated into a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.
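The two ideas the abstract names, that each system administers only the permissions on the objects it protects, and that every administrative step is checked against safety (no authorization appears that the step did not intend) and availability (no authorization disappears that the step did not intend), can be made concrete in a few dozen lines. The following is an added illustration, not the paper's model or code: the classes, the hospital sample (systems, users, roles, objects) and the particular form of the safety and availability checks are all assumptions made here for demonstration.

```python
"""Added example: administration of RBAC across several systems that each
protect a disjoint set of objects, with a safety/availability check on every
administrative step. Names and checks are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Set, Tuple

Authorization = Tuple[str, str, str]  # (user, object, operation)


@dataclass
class System:
    """One administrative domain: protects a set of objects disjoint from every
    other system's and holds the permission-role assignment for them."""
    name: str
    objects: Set[str]
    pa: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)  # (obj, op) -> roles


class DistributedRBAC:
    def __init__(self) -> None:
        self.systems: Dict[str, System] = {}
        self.ua: Dict[str, Set[str]] = {}  # user -> directly assigned roles
        self.rh: Dict[str, Set[str]] = {}  # senior role -> junior roles it inherits

    def add_system(self, name: str, objects: Set[str]) -> None:
        for other in self.systems.values():
            if other.objects & objects:  # object sets must stay disjoint
                raise ValueError(f"{name} and {other.name} would protect the same object")
        self.systems[name] = System(name, set(objects))

    def owner_of(self, obj: str) -> System:
        for system in self.systems.values():
            if obj in system.objects:
                return system
        raise KeyError(f"no system protects {obj}")

    def assign_user(self, user: str, role: str) -> None:
        self.ua.setdefault(user, set()).add(role)

    def add_inheritance(self, senior: str, junior: str) -> None:
        self.rh.setdefault(senior, set()).add(junior)

    def _owner_acting(self, acting_system: str, obj: str) -> System:
        # Administrative rule: only the system protecting obj may change which
        # roles hold permissions on it.
        owner = self.owner_of(obj)
        if owner.name != acting_system:
            raise PermissionError(f"{acting_system} does not protect {obj} ({owner.name} does)")
        return owner

    def grant(self, acting_system: str, obj: str, op: str, role: str) -> None:
        self._owner_acting(acting_system, obj).pa.setdefault((obj, op), set()).add(role)

    def revoke(self, acting_system: str, obj: str, op: str, role: str) -> None:
        self._owner_acting(acting_system, obj).pa.get((obj, op), set()).discard(role)

    def roles_of(self, user: str) -> Set[str]:
        """Directly assigned roles plus everything reachable through inheritance."""
        closure: Set[str] = set()
        pending = list(self.ua.get(user, ()))
        while pending:
            role = pending.pop()
            if role not in closure:
                closure.add(role)
                pending.extend(self.rh.get(role, ()))
        return closure

    def authorizations(self) -> FrozenSet[Authorization]:
        """Effective (user, object, operation) triples across all systems."""
        result: Set[Authorization] = set()
        for user in self.ua:
            roles = self.roles_of(user)
            for system in self.systems.values():
                for (obj, op), holders in system.pa.items():
                    if roles & holders:
                        result.add((user, obj, op))
        return frozenset(result)


def checked_step(rbac, step, intended_gain: Iterable[Authorization],
                 intended_loss: Iterable[Authorization]) -> Tuple[bool, bool]:
    """Apply step(rbac); return (safe, available): safe means nothing beyond
    intended_gain appeared, available means nothing beyond intended_loss vanished."""
    before = rbac.authorizations()
    step(rbac)
    after = rbac.authorizations()
    return (after - before) <= frozenset(intended_gain), (before - after) <= frozenset(intended_loss)


def build_hospital() -> DistributedRBAC:
    """Constructed sample: two systems, a role hierarchy and two users."""
    rbac = DistributedRBAC()
    rbac.add_system("radiology", {"xray-1"})
    rbac.add_system("pharmacy", {"rx-1"})
    rbac.add_inheritance("physician", "clinician")  # physician inherits clinician
    rbac.assign_user("alice", "physician")
    rbac.assign_user("bob", "clinician")
    rbac.grant("radiology", "xray-1", "read", "clinician")
    rbac.grant("pharmacy", "rx-1", "write", "physician")
    return rbac


def cross_system_grant_rejected() -> bool:
    try:  # radiology tries to administer an object pharmacy protects
        build_hospital().grant("radiology", "rx-1", "read", "clinician")
    except PermissionError:
        return True
    return False


def unsafe_grant() -> Tuple[bool, bool]:
    # Intent: give bob read on rx-1. Granting it to 'clinician' also reaches
    # alice through the hierarchy, so the safety check fails.
    return checked_step(build_hospital(),
                        lambda r: r.grant("pharmacy", "rx-1", "read", "clinician"),
                        {("bob", "rx-1", "read")}, set())


def unavailable_revoke() -> Tuple[bool, bool]:
    # Intent: remove bob's read on xray-1. Revoking it from 'clinician' also
    # removes alice's inherited access, so the availability check fails.
    return checked_step(build_hospital(),
                        lambda r: r.revoke("radiology", "xray-1", "read", "clinician"),
                        set(), {("bob", "xray-1", "read")})
```

The two failing steps show why the formal requirements matter in practice: with a role hierarchy, a grant or revoke on a single role can change authorizations for users the administrator never had in mind, and only comparing the effective authorization relation before and after the step exposes that.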
