Towards a Scalable Role and Organization Based Access Control Model with Decentralized Security Administration
نویسنده
چکیده
AbStrAct This chapter addresses the problem that traditional role-base access control (RBAC) models do not scale up well for modeling security policies spanning multiple organizations. After reviewing recently proposed Role and Organization Based Access Control (ROBAC) models, an administrative ROBAC model called AROBAC07 is presented and formalized in this chapter. Two examples are used to motivate and demonstrate the usefulness of ROBAC. Comparison between AROBAC07 and other administrative RBAC models are given. We show that ROBAC/AROBAC07 can significantly reduce administration complexity for applications involving a large number of organizational units. Finally, an application compartment-based delegation model is introduced, which provides a method to construct administrative role hierarchy in AROBAC07. We show that the AROBAC07 model provides convenient ways to decentralize administrative tasks for ROBAC systems and scales up well for role-based systems involving a large number of organizational units.
منابع مشابه
An Organizational Structure-Based Administration Model for Decentralized Access Control
We propose an effective administration model using organizational structure for a decentralized role-based access control environment. Access control administration is a critical issue for large organizations and information systems. A large organization needs decentralized access control by multiple security officers because it has many users and information objects, and a single security offi...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملMulti-Granular Licences to Decentralize Security Administration
There has been for several years a growing interest in defining new access control models and administration facilities for these models. Several models have observed that only structuring the model using the concept of roles as in RBAC is not sufficient to administer decentralized enterprises. These models have suggested to consider new concepts such as organization (as in OrBAC) or domain (as...
متن کاملSecurity Policy Languages and Enforcement
As organizations grow larger and more complex, and as cybersecurity becomes an increasingly important concern, there are growing needs for languages that can express complex security policies of organizations and for efficient mechanisms to enforce the policies. An essential function of security policies is to control authorization, that is, to determine whether a request to access a resource s...
متن کامل