An Audit-Integrated ARBAC Model

Role-Based Access Control (RBAC) model is the main-stream access control model. When addressing large-scale and distributed application, the highest Security Administrator(SA) of RBAC model always try to transfer his management authority to his inferior SAs to decrease his workload. However, How to ensure that these inferior SAs perform their management authorities legally is a big problem. Although there are a technology framework of administrative RBAC model, named ARBAC97, the supervise mechanism and audit mechanism on the utilization of transferred authorities is incomplete in RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a right and liability mechanism has been set up, an audit role is defined and auditing permission is assigned to this role. At the same time, we put forwards two types basic audit business: routine audit and accident audit. As to accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The Au-ARBAC model can help to improve the Consciousness of authorization responsibility and to perform their management authorities responsibly and legally.

[1]  Ravi Sandhu,et al.  The ASCAA principles for next-generation role-based access control , 2008 .

[2]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[3]  Frédéric Cuppens,et al.  Analyzing consistency of security policies , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[4]  George Loizou,et al.  Administrative scope: A foundation for role-based administrative models , 2003, TSEC.

[5]  Vladimir A. Oleshchuk,et al.  Conformance Checking of RBAC Policy and its Implementation , 2005, ISPEC.

[6]  Ninghui Li,et al.  Beyond proof-of-compliance: safety and availability analysis in trust management , 2003, 2003 Symposium on Security and Privacy, 2003..

[7]  Zijiang Yang,et al.  Policy analysis for administrative role based access control , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[8]  Ninghui Li,et al.  Security analysis in role-based access control , 2004, SACMAT '04.

[9]  Insup Lee,et al.  Permission to speak: A logic for access control and conformance , 2011, J. Log. Algebraic Methods Program..