DOI: 10.1145/775412.775414 (ACM conference proceedings, SACMAT)

An administration concept for the enterprise role-based access control model

Published: 02 June 2003

ABSTRACT

Using an underlying role-based model for the administration of roles has proved itself to be a successful approach. This paper sets out to describe the enterprise role-based access control model (ERBAC) in the context of SAM Jupiter, a commercial enterprise security management software. We provide an overview of the role-based conceptual model underlying SAM Jupiter. Having established this basis, we describe how the model is used to facilitate a role-based administration approach. In particular, we discuss our notion of 'scopes', which describe the objects over which an administrator has authority. The second part provides a case study based on our real-world experiences in the implementation of role-based administrative infrastructures. Finally, a critical evaluation and comparison with current approaches to administrative role-based access control is provided.

