IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX pp 194–208Cite as

Discretionary and Mandatory Controls for Role-Based Administration

  • Jason Crampton

Part of the Lecture Notes in Computer Science book series (LNISA,volume 4127)

Abstract

Role-based access control is an important way of limiting the access users have to computing resources. While the basic concepts of role-based access control are now well understood, there is no consensus on the best approach to managing role-based systems. In this paper, we introduce a new model for role-based administration, using the notions of discretionary and mandatory controls. Our model provides a number of important features that control the assignment of users and permissions to roles. This means that we can limit the damage that can be done by malicious administrative users. We compare our approach to a number of other models for role-based administration, and demonstrate that our model has several advantages.

Keywords

  • Access Control Model
  • Administrative Domain
  • Administrative Role
  • Role Hierarchy
  • Nest Partition

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, UK

    Jason Crampton


Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu


Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Crampton, J. (2006). Discretionary and Mandatory Controls for Role-Based Administration. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_14

  • DOI: https://doi.org/10.1007/11805588_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36796-3

  • Online ISBN: 978-3-540-36799-4

