Article

Understanding and developing role-based administrative models

Author:
Jason Crampton

University of London, England

University of London, England
View Profile

CCS '05: Proceedings of the 12th ACM conference on Computer and communications securityNovember 2005Pages 158–167https://doi.org/10.1145/1102120.1102143

Published:07 November 2005Publication History

CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

Pages 158–167

ABSTRACT

Access control data structures generally need to evolve over time in order to reflect changes to security policy and personnel. An administrative model defines the rules that control the state changes to an access control model and the data structures that model defines. We present a powerful framework for describing role-based administrative models. It is based on the concept of administrative domains and criteria that control state changes in order to preserve certain features of those domains. We define a number of different sets of criteria, each of which control the effect of state changes on the set of administrative domains and thereby lead to different role-based administrative models. Using this framework we are able to identify some unexpected connections between the ARBAC97 and RHA administrative models and to compare their respective properties. In doing so we are able to suggest some improvements to both models.

References

Abrams, M., LaPadula, L., and Olson, I. M. Building generalized access control on UNIX. In Proceedings of Second USENIX UNIX Security Workshop/ (1990), pp. 65--70.Google Scholar
American National Standards Institute. ANSI INCITS 359-2004 for Role Based Access Control, 2004.Google Scholar
Bertino, E., Bonatti, P., and Ferrari, E. TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security 4, 3 (2001), 191--223. Google ScholarDigital Library
Crampton, J. Authorization and antichains. PhD thesis, Birkbeck, University of London, London, England, 2002. Available from http://www.isg.rhul.ac.uk~jason.Google Scholar
Crampton, J. Understanding and developing role-based administrative models. Tech. Rep. RHUL--MA--2005--6, Royal Holloway, University of London, 2005.Google ScholarDigital Library
Crampton, J., and Loizou, G. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System Security 6, 2 (2003), 201--231. Google ScholarDigital Library
Davey, B., and Priestley, H. Introduction to Lattices and Order. Cambridge University Press, Cambridge, United Kingdom, 1990.Google Scholar
Ferraiolo, D., and Kuhn, D. Role-based access control. In Proceedings of the 15th NIST-NSA National Computer Security Conference (1992), pp. 554--563.Google Scholar
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., and Chandramouli, R. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4, 3 (2001), 224--274. Google ScholarDigital Library
Harrison, M., Ruzzo, W., and Ullman, J. Protection in operating systems. Communications of the ACM 19, 8 (1976), 461--471. Google ScholarDigital Library
Li, N., and Tripunitara, M. Security analysis in role-based access control. In Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (2004), pp. 126--135. Google ScholarDigital Library
Munawer, Q., and Sandhu, R. Simulation of the augmented typed access matrix model (ATAM) using roles. In Proceedings INFOSECU99 International Conference on Information Security (1999).Google Scholar
Nyanchama, M., and Osborn, S. The role graph model and conflict of interest. ACM Transactions on Information and System Security 2, 1 (1999), 3--33. Google ScholarDigital Library
Sandhu, R. Role activation hierarchies. In Proceedings of Third ACM Workshop on Role-Based Access Control (1998), pp. 33--40. Google ScholarDigital Library
Sandhu, R., Bhamidipati, V., and Munawer, Q. The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security 1, 2 (1999), 105--135. Google ScholarDigital Library
Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. Role-based access control models. IEEE Computer 29, 2 (1996), 38--47. Google ScholarDigital Library

Index Terms

Understanding and developing role-based administrative models

Recommendations

Administrative scope: A foundation for role-based administrative models

We introduce the concept of administrative scope in a role hierarchy and demonstrate that it can be used as a basis for role-based administration. We then develop a family of models for role hierarchy administration (RHA) employing administrative scope ...
Read More
Security analysis in role-based access control
SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Delegation is often used in administrative models for Role-Based Access Control (RBAC) systems to decentralize administration tasks. While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization ...
Read More
Security analysis in role-based access control

The administration of large role-based access control (RBAC) systems is a challenging problem. In order to administer such systems, decentralization of administration tasks by the use of delegation is an effective approach. While the use of delegation ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '05: Proceedings of the 12th ACM conference on Computer and communications security
November 2005
422 pages
ISBN:1595932267
DOI:10.1145/1102120
General Chair:
Vijay Atluri
Rutgers University
,
Program Chairs:
Catherine Meadows
Naval Research Laboratory
,
Ari Juels
RSA Laboratories
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 November 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
ARBAC97
RHA
administrative domain
administrative scope
role-based access control
role-based administration
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate1,261of6,999submissions,18%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 44
  Total Citations
  View Citations
- 968
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.