Refinement for Administrative Policies
نویسندگان
چکیده
Flexibility of management is an important requisite for access control systems as it allows users to adapt the access control system in accordance with practical requirements. This paper builds on earlier work where we defined administrative policies for a general class of RBAC models. We present a formal definition of administrative refinement and we show that there is an ordering for administrative privileges which yields administrative refinements of policies. We argue (by giving an example) that this privilege ordering can be very useful in practice, and we prove that the privilege ordering is tractable.
منابع مشابه
Improving Manageability of Access Control Policies
Applications are continuously increasing in both complexity and number of users they serve. Moreover, the set of applications used by organizations is continuously expanding. This poses challenges, not in the least with regard to access control. More specifically, manageability of access control policies becomes more difficult. This leads to administrative overhead and challenges in enforcing a...
متن کاملA Methodological Approach to Policy Refinement in Policy-based Management Systems
Current research efforts are being directed to commit with the long-term view of self-management properties for telecommunications networks. One of the key approaches that have been recognised as an enabler of such a view is policy-based management. Policy-based management has been mostly acknowledged as a methodology that provides flexibility, adaptability and support to automatically assign n...
متن کاملAdaptive identity and access management - contextual data based policies
Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access managemen...
متن کاملAn automated policy refinement process supported by expert knowledge
English) In a policy-based system management, a policy refinement process is requiredto translate abstract policies, which are specified by human, into enforceablepolicies, which are enforced by machine.However, a manual policy refinement process imposes some problems.The first problem is that it requires expert knowledge to perform the policyrefinement process. The second p...
متن کاملA Formal Policy Specification Language for an 802.11 WLAN with Enhanced Security Network
In Wide Area Networks (WANs)inconsistencies among the security policies of Administrative Domains (ADs) may cause severe security flaws. Recently, security policies are written in natural language and as they get more complicated, even for an expert it might be impossible to detect such inconsistencies. However, when a formal language is used, it might be possible to make verification of securi...
متن کامل