Towards a Scalable Role and Organization Based Access Control Model with Decentralized Security Administration

Abstract: This chapter addresses the problem that traditional role-based access control (RBAC) models do not scale up well for modeling security policies spanning multiple organizations. After reviewing recently proposed Role and Organization Based Access Control (ROBAC) models, an administrative ROBAC model called AROBAC07 is presented and formalized in this chapter. Two examples are used to motivate and demonstrate the usefulness of ROBAC. A comparison between AROBAC07 and other administrative RBAC models is given. We show that ROBAC/AROBAC07 can significantly reduce administration complexity for applications involving a large number of organizational units. Finally, an application compartment-based delegation model is introduced, which provides a method to construct an administrative role hierarchy in AROBAC07. We show that the AROBAC07 model provides convenient ways to decentralize administrative tasks for ROBAC systems and scales up well for role-based systems involving a large number of organizational units.
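The scaling argument in the abstract, as an added illustration that is not code from the chapter: plain RBAC needs a separate copy of every role for every organization, whereas ROBAC keeps one role set and assigns users (role, organization) pairs. The ROBAC structure used here (user assignment over users × roles × organizations, permissions attached to roles, no organization hierarchy) is an assumed simplification of the cited model; the clinic names and assignments are constructed sample data.

```python
# Added illustration, not the chapter's code: contrasts per-organization RBAC
# with the ROBAC idea of assigning a user a (role, organization) pair.
# Assumed simplification of ROBAC: UA over U x R x O, PA over P x R, no hierarchy.
from itertools import product

ROLES = ["physician", "nurse", "clerk"]
PERMS = {"physician": {"read_chart", "write_order"},
         "nurse": {"read_chart"},
         "clerk": {"read_billing"}}
ORGS = [f"clinic{i}" for i in range(200)]      # constructed sample organizations


def rbac_roles(roles, orgs):
    """Per-organization RBAC: one role copy per (role, org), e.g. 'nurse@clinic7'."""
    return {f"{r}@{o}": PERMS[r] for r, o in product(roles, orgs)}


def robac_roles(roles, orgs):
    """ROBAC: roles and organizations are administered as separate sets."""
    return {"roles": {r: PERMS[r] for r in roles}, "orgs": set(orgs)}


def admin_objects(model):
    """Number of objects an administrator must define and keep consistent."""
    if "orgs" in model:                         # ROBAC-style structure: |R| + |O|
        return len(model["roles"]) + len(model["orgs"])
    return len(model)                           # plain RBAC: |R| * |O| role copies


def robac_check(ua, model, user, perm, org):
    """Allow only if the user holds, for this organization, a role granting perm."""
    return any(perm in model["roles"][r] for (u, r, o) in ua
               if u == user and o == org and o in model["orgs"])


# Constructed sample assignment: alice is a nurse in clinic7 only.
UA = {("alice", "nurse", "clinic7"), ("bob", "physician", "clinic3")}
MODEL = robac_roles(ROLES, ORGS)

if __name__ == "__main__":
    print("RBAC roles:", admin_objects(rbac_roles(ROLES, ORGS)))    # 600
    print("ROBAC objects:", admin_objects(MODEL))                   # 203
    print(robac_check(UA, MODEL, "alice", "read_chart", "clinic7"))  # True
    print(robac_check(UA, MODEL, "alice", "read_chart", "clinic8"))  # False
```

Adding a 201st clinic costs one organization entry under ROBAC but three new role copies under per-organization RBAC, which is the growth the abstract's scalability claim is about.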
