RBAC administration in distributed systems

M.A.C. Dekker; J. Crampton; S. Etalle

doi:10.1145/1377836.1377852

RBAC administration in distributed systems

M.A.C. Dekker, J. Crampton, S. Etalle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

17 Citations (Scopus)

Abstract

Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient adminstration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.

Original language	English
Title of host publication	SACMAT 2008 (13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings)
Editors	I. Ray, N. Li
Place of Publication	New York
Publisher	Association for Computing Machinery, Inc
Pages	93-102
ISBN (Print)	978-1-60558-129-3
DOIs	https://doi.org/10.1145/1377836.1377852
Publication status	Published - 2008

Access to Document

10.1145/1377836.1377852

Cite this

@inproceedings{4f746bd81fb849d5be65198dc8114dfa,

title = "RBAC administration in distributed systems",

abstract = "Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient adminstration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.",

author = "M.A.C. Dekker and J. Crampton and S. Etalle",

year = "2008",

doi = "10.1145/1377836.1377852",

language = "English",

isbn = "978-1-60558-129-3",

pages = "93--102",

editor = "I. Ray and N. Li",

booktitle = "SACMAT 2008 (13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings)",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

}

RBAC administration in distributed systems. / Dekker, M.A.C.; Crampton, J.; Etalle, S.

SACMAT 2008 (13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings). ed. / I. Ray; N. Li. New York : Association for Computing Machinery, Inc, 2008. p. 93-102.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - RBAC administration in distributed systems

AU - Dekker, M.A.C.

AU - Crampton, J.

AU - Etalle, S.

PY - 2008

Y1 - 2008

N2 - Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient adminstration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.

AB - Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient adminstration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.

U2 - 10.1145/1377836.1377852

DO - 10.1145/1377836.1377852

M3 - Conference contribution

SN - 978-1-60558-129-3

SP - 93

EP - 102

BT - SACMAT 2008 (13th ACM Symposium on Access Control Models and Technologies, Estes Park, CO, USA, June 11-13, 2008, Proceedings)

A2 - Ray, I.

A2 - Li, N.

PB - Association for Computing Machinery, Inc

CY - New York

ER -

RBAC administration in distributed systems

Abstract

Access to Document

Fingerprint

Cite this