Administrative scope: A foundation for role-based administrative models

We introduce the concept of administrative scope in a role hierarchy and demonstrate that it can be used as a basis for role-based administration. We then develop a family of models for role hierarchy administration (RHA) employing administrative scope as the central concept. We then extend RHA4, the most complex model in the family, to a complete, decentralized model for role-based administration. We show that SARBAC, the resulting role-based administrative model, has significant practical and theoretical advantages over ARBAC97. We also discuss how administrative scope might be applied to the administration of general hierarchical structures, how our model can be used to reduce inheritance in the role hierarchy, and how it can be configured to support discretionary access control features.
