Understanding and Developing Role-Based Administrative Models

Jason Crampton

(2005)

Jason Crampton (2005) Understanding and Developing Role-Based Administrative Models.

Abstract

Access control data structures generally need to evolve over time in order to reflect changes to security policy and personnel. An administrative model defines the rules that control the state changes to an access control model and the data structures it defines. We present a powerful framework for describing role-based administrative models. The framework is based on the concept of administrative domains and state changes that preserve certain aspects of those domains. We define a number of different sets of criteria, each of which controls the effect of state changes on the set of administrative domains and thereby leads to a different role-based administrative model. Using this framework we are able to identify some unexpected connections between the ARBAC97 and RHA administrative models and to compare their respective properties. We also suggest some improvements to both models.

Information about this Version

This is a Published version
This version's date is: 20/04/2005
This item is peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/9bb2e92c-e55c-2764-6220-65f2f2288fb5/1/

Item Type: Monograph (Technical Report)
Title: Understanding and Developing Role-Based Administrative Models
Authors: Crampton, Jason
Departments: Faculty of Science\Mathematics

Deposited on 13-Jul-2010 in Royal Holloway Research Online. Last modified on 14-Dec-2010.
