Migrating from DAC to RBAC

  • Emre Uzun
  • David Lorenzi
  • Vijayalakshmi Atluri
  • Jaideep Vaidya
  • Shamik Sural
Conference paper

DOI: 10.1007/978-3-319-20810-7_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9149)
Cite this paper as:
Uzun E., Lorenzi D., Atluri V., Vaidya J., Sural S. (2015) Migrating from DAC to RBAC. In: Samarati P. (eds) Data and Applications Security and Privacy XXIX. DBSec 2015. Lecture Notes in Computer Science, vol 9149. Springer, Cham

Abstract

Role Based Access Control (RBAC) is one of the most popular means for enforcing access control. One of the main reasons for this is that it is perceived as the least expensive configuration with respect to security administration. In this paper, we demonstrate that security administration is not always cheaper under RBAC when compared to the traditional Discretionary Access Control (DAC). If RBAC proves to be beneficial, organizations may choose to migrate from DAC to RBAC. There have been many algorithms developed to generate RBAC configurations from DAC configuration. Although these algorithms provide an RBAC configuration, the quality of the generated RBAC configuration could vary among different algorithms and DAC configurations. In this paper, we propose a decision support framework, which provides a basis for comparison among different potential RBAC derivations from DAC to determine the most desirable outcome with respect to the cost of security administration.

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Emre Uzun
    • 1
  • David Lorenzi
    • 1
  • Vijayalakshmi Atluri
    • 1
  • Jaideep Vaidya
    • 1
  • Shamik Sural
    • 2
  1. 1.MSIS DepartmentRutgers Business SchoolNewarkUSA
  2. 2.School of Information TechnologyIIT KharagpurKharagpurIndia

Personalised recommendations