Management Advantages of Object Classification in Role-Based Access Control (RBAC)

  • Mohammad Jafari
  • Mohammad Fathian
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4846)

Abstract

This paper investigates the advantages of enabling object classification in role-based access control (RBAC). First, it is shown how the merits of RBAC models can be ascribed to their use of abstraction and to the structure of dependencies in the model. Following the same line of argument, it is shown how including object classification improves the dependencies and abstractions of the model. The discussion examines seven criteria that compare object-classification-enabled RBAC with plain RBAC and with trivial permission-assignment models, in order to show the advantages of object classification in a more formal manner. The criteria are: number and complexity of decisions, change management cost, risk of errors, policy portability and reuse, enforcement and compliance, support for traditional information classification policies, and object grouping and management support.
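To make the "number of decisions" and "change management cost" criteria concrete, the following added example (not code from the paper) encodes one small policy three ways, as trivial user-to-object grants, as plain RBAC, and as RBAC with object classes, and counts the administrative assignments each encoding needs. The users, roles, object classes and policy intent are constructed sample data, not taken from the paper.

```python
from itertools import product

# Constructed sample organisation (assumed, not from the paper).
USERS = {"alice": "doctor", "bob": "doctor", "carol": "nurse", "dave": "nurse"}
OBJECTS = {"rec1": "medical_record", "rec2": "medical_record",
           "sched1": "schedule", "sched2": "schedule"}
# Policy intent, stated once per (role, object class):
# doctors read/write records and read schedules;
# nurses read records and read/write schedules.
CLASS_POLICY = {("doctor", "medical_record"): {"read", "write"},
                ("doctor", "schedule"): {"read"},
                ("nurse", "medical_record"): {"read"},
                ("nurse", "schedule"): {"read", "write"}}

def trivial_model():
    """Trivial permission assignment: one grant per (user, object, operation)."""
    return {(u, o, op) for u, o in product(USERS, OBJECTS)
            for op in CLASS_POLICY[(USERS[u], OBJECTS[o])]}

def plain_rbac_model():
    """Plain RBAC: user-role assignments plus role-object-operation permissions."""
    ua = set(USERS.items())
    pa = {(r, o, op) for (r, c), ops in CLASS_POLICY.items()
          for o, oc in OBJECTS.items() if oc == c for op in ops}
    return ua, pa

def oc_rbac_model():
    """Object-classification RBAC: objects map to classes, roles get
    permissions on classes, so each permission is stated once per class."""
    ua = set(USERS.items())
    oa = set(OBJECTS.items())  # object -> class assignment
    pa = {(r, c, op) for (r, c), ops in CLASS_POLICY.items() for op in ops}
    return ua, oa, pa

def decisions():
    """Explicit administrative assignments needed to express the same policy."""
    ua, pa = plain_rbac_model()
    ua2, oa, pa2 = oc_rbac_model()
    return {"trivial": len(trivial_model()),
            "rbac": len(ua) + len(pa),
            "oc_rbac": len(ua2) + len(oa) + len(pa2)}

def authorized(user, obj, op):
    """Access decision under the object-classification model."""
    ua, oa, pa = oc_rbac_model()
    cls = dict(oa)[obj]
    return any((r, cls, op) in pa for u, r in ua if u == user)

def cost_of_new_object(obj_class):
    """Assignments an administrator must add when one new object of obj_class appears."""
    per_role = sum(len(ops) for (r, c), ops in CLASS_POLICY.items() if c == obj_class)
    per_user = sum(len(CLASS_POLICY[(USERS[u], obj_class)]) for u in USERS)
    return {"trivial": per_user, "rbac": per_role, "oc_rbac": 1}
```

With this data the three encodings need 24, 16 and 14 assignments respectively, and adding one new medical record costs 6, 3 and 1 further assignments; the gap widens as users and objects grow while the number of roles and classes stays small.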

Keywords

Access Control; Role-Based Access Control (RBAC); Object Classification

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mohammad Jafari (1)
  • Mohammad Fathian (1)

  1. Department of Information Technology, Faculty of Industrial Engineering, University of Science and Technology (IUST), Narmak, Tehran, Iran