Secure Role Activation and Authorization in the Enterprise Environment

Role-Based Access Control (RBAC) [3] is a popular approach to specifying and enforcing security policies in organizations. In large enterprise systems the numbers of users, roles and permissions can run to hundreds or thousands, and security management becomes a tedious task. One way to simplify security management in RBAC is to allow the specification and enforcement of dynamic constraints to be decentralized [7]. In this paper we discuss the issues in supporting secure role activation and authorization when this decentralized approach to role activation management is adopted. Secure protocols are proposed to handle the processes of role assignment, role activation and authorization.
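The three processes the abstract names (role assignment, role activation and authorization) are easiest to see in a concrete RBAC core with sessions and a dynamic separation-of-duty (DSD) constraint, the kind of dynamic constraint whose enforcement the paper proposes to decentralize. The following is an added illustration written for this page; it is not the paper's protocol and performs no signatures. It is the centralized reference-monitor view: one engine holds assignments, activates roles per session, refuses activations that would violate a DSD constraint, and answers authorization queries from the session's active roles. The user, role and permission names are constructed sample data.

```python
"""Minimal RBAC core with session-based role activation and a dynamic
separation-of-duty (DSD) constraint.

Illustrative code added for this page; it is NOT the protocol proposed in
the paper. Role, permission and user names are constructed sample data.
"""

from dataclasses import dataclass, field


class RBACError(Exception):
    """Raised when an assignment, activation or authorization is refused."""


@dataclass
class RBAC:
    # role -> set of permissions, each permission is an (operation, object) pair
    role_perms: dict = field(default_factory=dict)
    # user -> set of roles assigned by an administrator (static assignment)
    user_roles: dict = field(default_factory=dict)
    # DSD constraints: (frozenset of roles, n). A single session may hold
    # fewer than n roles from the set active at the same time.
    dsd: list = field(default_factory=list)
    # session id -> (user, set of currently active roles)
    sessions: dict = field(default_factory=dict)

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        """Role assignment: administrative, does not activate anything."""
        if role not in self.role_perms:
            raise RBACError(f"unknown role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def add_dsd(self, roles, n):
        self.dsd.append((frozenset(roles), n))

    def create_session(self, sid, user):
        self.sessions[sid] = (user, set())

    def activate(self, sid, role):
        """Role activation: the user must hold the role, and the resulting
        active set must satisfy every DSD constraint."""
        user, active = self.sessions[sid]
        if role not in self.user_roles.get(user, set()):
            raise RBACError(f"{user} is not assigned {role}")
        proposed = active | {role}
        for roles, n in self.dsd:
            if len(proposed & roles) >= n:
                raise RBACError(
                    f"activating {role} violates DSD on {sorted(roles)}")
        active.add(role)

    def deactivate(self, sid, role):
        self.sessions[sid][1].discard(role)

    def authorize(self, sid, op, obj):
        """Authorization: granted only through roles active in this session,
        never through roles merely assigned to the user."""
        _, active = self.sessions[sid]
        return any((op, obj) in self.role_perms[r] for r in active)


def demo():
    """Walk one user through assignment, activation and authorization.
    Returns (can_submit, can_approve_before, dsd_blocked, can_approve_after)."""
    rbac = RBAC()
    rbac.add_role("clerk", {("submit", "invoice")})
    rbac.add_role("approver", {("approve", "invoice")})
    # alice holds both roles, but DSD forbids holding both active at once
    rbac.assign("alice", "clerk")
    rbac.assign("alice", "approver")
    rbac.add_dsd({"clerk", "approver"}, 2)

    rbac.create_session("s1", "alice")
    rbac.activate("s1", "clerk")
    can_submit = rbac.authorize("s1", "submit", "invoice")
    # assigned but not active: approval must be refused
    can_approve_before = rbac.authorize("s1", "approve", "invoice")
    try:
        rbac.activate("s1", "approver")
        dsd_blocked = False
    except RBACError:
        dsd_blocked = True
    # dropping clerk makes approver activatable again
    rbac.deactivate("s1", "clerk")
    rbac.activate("s1", "approver")
    can_approve_after = rbac.authorize("s1", "approve", "invoice")
    return can_submit, can_approve_before, dsd_blocked, can_approve_after


if __name__ == "__main__":
    print(demo())  # (True, False, True, True)
```

The point the abstract makes is that in a large enterprise this single engine becomes the bottleneck: every activation has to consult the same constraint store. Decentralizing the dynamic constraints means the `activate` check above runs at several administration points, which is exactly why the paper needs secure protocols so that a decentralized activation can still be verified at authorization time.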

[1] Hongjin Yeh et al. Effective Web-Related Resource Security Using Distributed Role Hierarchy, 2004, WAIM.

[2] Mary Ellen Zurko et al. Separation of Duty in Role-Based Environments, 1997, Proceedings of the 10th Computer Security Foundations Workshop.

[3] David Mazières et al. Proactive Two-Party Signatures for User Authentication, 2003, NDSS.

[4] Claus-Peter Schnorr et al. Efficient Identification and Signatures for Smart Cards (Abstract), 1990, EUROCRYPT.

[5] Ramaswamy Chandramouli et al. Role-Based Access Control Features in Commercial Database Management Systems, 1998.

[6] Vijay Varadharajan et al. Policy Administration Domains, 2002, ACISP.

[7] Ravi S. Sandhu et al. RBAC on the Web by Smart Certificates, 1999, RBAC '99.

[8] D. Richard Kuhn et al. A Role-Based Access Control Model and Reference Implementation within a Corporate Intranet, 1999, TSEC.

[9] Ravi S. Sandhu et al. RBAC on the Web by Secure Cookies, 1999, DBSec.

[10] Siu-Ming Yiu et al. Role Activation Management in Role Based Access Control, 2005, ACISP.

[11] Dongho Won et al. Proxy Signatures, Revisited, 1997, ICICS.

[12] José A. Montenegro et al. A Practical Approach of X.509 Attribute Certificate Framework as Support to Obtain Privilege Delegation, 2004, EuroPKI.

[13] M. Mambo et al. Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications), 1996.

[14] Adi Shamir et al. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, 1978, CACM.