Extending RBAC for Large Enterprises and Its Quantitative Risk Evaluation

  • Seiichi Kondo
  • Mizuho Iwaihara
  • Masatoshi Yoshikawa
  • Masashi Torato
Part of the IFIP – The International Federation for Information Processing book series (IFIPAICT, volume 286)


Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved.

Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.


Access Control Fault Tree Access Control Policy Fault Tree Analysis Role Hierarchy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Feraiolo,D. and Kuhn,R., Role-Based Access Control, Communications of the 15th NIST-NSA National Computer Security Conference, 1992.Google Scholar
  2. 2.
    Ferraiolo,D., Sandhu,R., Gavrila,S., and Kuhn,R., Proposed NIST standard for Role-Based Ac- cess Control, ACM Transaction on Information and System Security, Vol.4 No.3, 2001.Google Scholar
  3. 3.
    Feraiolo,D., Kuhn,R., and Chandramouli,R., Role-Based Access Control Second Edition, Com- puter Security Series, ARTECH HOUSE, 2007.Google Scholar
  4. 4.
    Kern,A., Kuhlmann,M., Schaad,A., and Moffett,J., Observations on the role life-cycle in the context of enterprise security management, SACMAT'02, 2002.Google Scholar
  5. 5.
    Kern,A., Kuhlmann,M., Kuropka,R., and Ruthert,A., A meta model for authorisations in applica- tion security systems and their integation into RBAC administration, SACMAT'04, 2004.Google Scholar
  6. 6.
    Al-Kahtani, M. A. and Sandhu, R., A Model for Attribute-Based User-Role Assignment, 18th Annual Computer Security Applications Conference (ACSAC), 2002.Google Scholar
  7. 7.
    Kern,A. and Walhorn,C., Rule support for role-based access control, SACMAT'05, 2005.Google Scholar
  8. 8.
    Zhang,L., Ahn,G., and Chu,B. A rule-based framework for role-based delegation and revocation ACM Transactions on Information and system security (TISSEC), 2003.Google Scholar
  9. 9.
    Byun,J., Soh,Y., and Bertino,E. Systematic Control and Management of Data Integrity, SACMAT'06, 2006.Google Scholar
  10. 10.
    Bank for International Settlements (BIS), Basel II: Revised international capital framework, 2004.Google Scholar
  11. 11.
    Gallaher,M., O’Connor,A, and Kropp,B. The Economic Impact of Role-Based Access Control (NIST Planning Report 02-1), March 2002.Google Scholar
  12. 12.
    Briney,A., Security Focused, Information security, September 2000.Google Scholar
  13. 13.
    Computer Security Institute, CSI Survey 2007, The 12th Annual Computer Crime and Security Survey, 2007.Google Scholar
  14. 14.
    U.S. Nuclear regulatory Commission, Fault Tree Handbook, January 1981.Google Scholar
  15. 15.
    Brooke, P., and Paige, R., Fault trees for security system design and analysis, Computer & Secu-rity, Vol.23, No 3, 2003.Google Scholar
  16. 16.
    Sun Java System Identity Manager.
  17. 17.

Copyright information

© International Federation for Information Processing 2008

Authors and Affiliations

  • Seiichi Kondo
    • 1
  • Mizuho Iwaihara
    • 2
  • Masatoshi Yoshikawa
    • 2
  • Masashi Torato
    • 3
  1. 1.Mitsubishi Electric CorporationKamakura-city, KanagawaJapan
  2. 2.Kyoto UniversitySakyo-ku, KyotoJapan
  3. 3.Mitsubishi Electric Information SystemKamakura, KanagawaJapan

Personalised recommendations