
Managing Risks in RBAC Employed Distributed Environments

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4804))

Abstract

Role Based Access Control (RBAC) was introduced to simplify authorization in database systems. It adds roles as a new layer between users and permissions, which both gives a well-maintained mechanism for granting access and eases the burden of managing many users. While they provide comprehensive access control, current RBAC models and systems do not take into account the risks that role misuse can incur. In distributed environments, a large number of users is the common case, and a considerable number of them are first-time users. This magnifies the need to measure risk both before and after granting an access. We investigate the means of managing risk in distributed environments that employ RBAC and introduce a novel probability-based risk model. For each role, we use information about user credentials, the current user queries, the role's history log and the expected utility to calculate the overall risk. By running data mining on query logs, our scheme generates clusters of normal queries. It then assigns a risk level to each individual query according to how far it lies from the normal clusters. We employ three types of granularity to represent queries in our architecture. We present experimental results on real data sets and compare the performance of the three granularity levels.
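The abstract describes clustering a role's historical queries and grading a new query by its distance from the nearest normal cluster. The following added example (not code from the paper or its authors) shows that mechanism at one coarse granularity: each query is reduced to a constructed feature vector (tables touched, columns selected, rows returned), the role's history log is clustered with plain k-means, and a query's risk level is derived from its distance to the nearest centroid relative to that cluster's radius. The feature choice, the z-score scaling, the cluster count, the thresholds and the sample log are all assumptions made for illustration; the paper's actual query representations and probability model are not reproduced here.

```python
"""Added example: distance-from-normal-cluster query risk scoring.

Assumptions (not from the paper): queries are summarised as
(tables_touched, columns_selected, rows_returned); features are z-scored
against the role's log; k-means with k=2 yields the normal clusters; a
query's score is distance-to-nearest-centroid divided by that cluster's
radius, and the low/medium/high cut-offs are 1.0 and 2.0.
"""
import math
import random
from typing import List, Sequence, Tuple

Point = Tuple[float, ...]

# Constructed role history log (values are made up): the role usually runs
# small single-table lookups or moderate two-table reports.
NORMAL_LOG: List[Point] = [
    (1, 3, 10), (1, 2, 12), (1, 4, 9), (2, 5, 40), (2, 6, 38), (2, 4, 45),
    (1, 3, 11), (2, 5, 42), (1, 2, 8), (2, 6, 41),
]


def _dist(a: Point, b: Point) -> float:
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _nearest(p: Point, centroids: Sequence[Point]) -> int:
    """Index of the centroid closest to p."""
    return min(range(len(centroids)), key=lambda i: _dist(p, centroids[i]))


def kmeans(points: List[Point], k: int, seed: int = 0, iters: int = 100) -> List[Point]:
    """Plain Lloyd's k-means; returns the final centroids."""
    rng = random.Random(seed)
    centroids = rng.sample(points, k)
    for _ in range(iters):
        groups: List[List[Point]] = [[] for _ in range(k)]
        for p in points:
            groups[_nearest(p, centroids)].append(p)
        new = [
            tuple(sum(col) / len(g) for col in zip(*g)) if g else centroids[i]
            for i, g in enumerate(groups)
        ]
        if new == centroids:  # assignments stable: converged
            break
        centroids = new
    return centroids


class QueryRiskModel:
    """Learns normal query clusters for one role and grades new queries."""

    def __init__(self, log: List[Point], k: int = 2, seed: int = 0) -> None:
        n = len(log)
        # Per-feature mean and standard deviation for z-score scaling, so the
        # row-count feature does not dominate the distance (assumption).
        self.means = [sum(col) / n for col in zip(*log)]
        self.stds = [
            max(math.sqrt(sum((v - m) ** 2 for v in col) / n), 1e-9)
            for col, m in zip(zip(*log), self.means)
        ]
        scaled = [self._scale(p) for p in log]
        self.centroids = kmeans(scaled, k, seed)
        # Cluster radius = farthest member from its centroid under the final
        # assignment, so every logged query scores at most 1.0 by construction.
        self.radius = [1e-9] * k
        for p in scaled:
            i = _nearest(p, self.centroids)
            self.radius[i] = max(self.radius[i], _dist(p, self.centroids[i]))

    def _scale(self, p: Point) -> Point:
        return tuple((v - m) / s for v, m, s in zip(p, self.means, self.stds))

    def score(self, query: Point) -> float:
        """Distance to the nearest normal cluster, in units of its radius."""
        q = self._scale(query)
        i = _nearest(q, self.centroids)
        return _dist(q, self.centroids[i]) / self.radius[i]

    def risk_level(self, query: Point) -> str:
        """Map the score to a coarse risk level (thresholds are assumptions)."""
        s = self.score(query)
        if s <= 1.0:
            return "low"
        if s <= 2.0:
            return "medium"
        return "high"


if __name__ == "__main__":
    model = QueryRiskModel(NORMAL_LOG)
    for q in [(1, 3, 10), (2, 7, 60), (6, 40, 5000)]:
        print(q, round(model.score(q), 2), model.risk_level(q))
```

The radius-normalised score is what makes the grading per-cluster rather than absolute: a query that would be ordinary for the role's "report" cluster is not penalised merely for returning more rows than its "lookup" cluster. A deployment would feed this score into the role's overall risk alongside the credential, history and expected-utility terms the abstract lists; those terms are outside this example.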




Editor information

Robert Meersman Zahir Tari


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg


Cite this paper

Celikel, E., Kantarcioglu, M., Thuraisingham, B., Bertino, E. (2007). Managing Risks in RBAC Employed Distributed Environments. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_31


  • DOI: https://doi.org/10.1007/978-3-540-76843-2_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76835-7

  • Online ISBN: 978-3-540-76843-2
