A user-centered, modular authorization service built on an RBAC foundation

Psychological acceptability has been cited as a requirement for secure systems for as long as least privilege and fail-safe defaults, but until now it has been all but ignored in the actual design of secure systems. We place this principle at the center of our design for Adage, an authorization service for distributed applications. We employ usability design techniques to specify and test the features of our authorization language and the corresponding administrative GUI. Our testing results reinforce our initial design center and suggest directions for deployment of our authorization services. A modular architecture allows us to experiment with our design during short-term integration and to evolve it for longer-term exploration. An RBAC foundation enables coherent design of flexible authorization constraints and queries. We discuss lessons learned from the implementation of this service through a planned deployment in a context that must balance new research in risk management with dependencies on legacy services.