论文信息 - Extending the CIM-SPL policy language with RBAC for distributed management systems in the WBEM infrastructure

Extending the CIM-SPL policy language with RBAC for distributed management systems in the WBEM infrastructure

In spite of the large effort behind the development of the WBEM and CIM standards for the management of distributed systems, there has been very little work addressing security in those standards. In this paper we present a Role-based Access Control (RBAC) policy language to render finegrained access control policies for WBEM and CIM. The language is an extension of CIM-SPL, a preliminary DMTF policy language standard. The CIM-SPL RBAC extension fully complies with the WBEM standards. Access control policies can be specified for CIM object constructs according to the standard NIST RBAC model as well as with an extended model adapted for CIM. This extension provides a policy-based RBAC mechanism in the WBEM infrastructure.

Jorge Lobo | Li Pan | Seraphin B. Calo

[1] Edgard Jamhour,et al. An RBAC-based policy information base , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[2] Jorge Lobo,et al. Issues in Designing a Policy Language for Distributed Management of IT Infrastructures , 2007, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management.

[3] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[4] Raouf Boutaba,et al. Policy-based Management: A Historical Perspective , 2007, Journal of Network and Systems Management.

[5] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[6] John Strassner,et al. Policy Core Lightweight Directory Access Protocol (LDAP) Schema , 2004, RFC.

[7] Roch Guérin,et al. A Framework for Policy-based Admission Control , 2000, RFC.

[8] Emil C. Lupu,et al. The Ponder Policy Specification Language , 2001, POLICY.

[9] Andrea Westerinen,et al. Policy Core Information Model - Version 1 Specification , 2001, RFC.

[10] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..