Policy Administration Domains

  • M. Hitchens
  • Vijay Varadharajan
  • G. Saunders
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)

Abstract

We present a model for policy administration structures. The model consists of a mathematical notation that captures the relationship between policies and objects and the entities that manage policies for those objects. In the model a system is viewed as consisting of a number of policy administration domains. The domains are arranged in a hierarchy, representing descending levels of authority. The presence of an object in a domain represents the ability of the manager of that domain to write policy for that object. A number of important issues for policy administration are identified and addressed within the model. These include meta-policy questions, such as who has control over the placement of an object in a policy administration domain and where it can be moved within the hierarchy. A number of possible approaches to each of these questions are identified and expressed in the notation presented. The model is capable of expressing policy administration in DAC, MAC and combined systems.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • M. Hitchens (1)
  • Vijay Varadharajan (1)
  • G. Saunders (2)
  1. Distributed System and Network Security Research Group, Department of Computing, Macquarie University, Australia
  2. Department of Computer Science, University of Sydney, Australia
