论文信息 - Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation

Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation

Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved.

[1] Elisa Bertino,et al. Systematic control and management of data integrity , 2006, SACMAT '06.

[2] Michael P. Gallaher,et al. Planning Report 02-1: The Economic Impact of Role-Based Access Control | NIST , 2002 .

[3] Axel Kern,et al. Rule support for role-based access control , 2005, SACMAT '05.

[4] Ravi S. Sandhu,et al. A model for attribute-based user-role assignment , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[5] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[6] Martin Kuhlmann,et al. A meta model for authorisations in application security systems and their integration into RBAC administration , 2004, SACMAT '04.

[7] J. van Leeuwen,et al. Information Security , 2003, Lecture Notes in Computer Science.

[8] Richard F. Paige,et al. Fault trees for security system design and analysis , 2003, Comput. Secur..

[9] M. Gallaher,et al. The Economic Impact of Role-Based Access Control , 2002 .

[10] Ramaswamy Chandramouli,et al. Role-Based Access Control, Second Edition , 2007 .

[11] Andreas Schaad,et al. Observations on the role life-cycle in the context of enterprise security management , 2002, SACMAT '02.