Download
1 / 16
160 likes | 172 Views
This research paper presents the Uni-ARBAC model, which combines existing administrative principles to administer user-role and permission-role assignments. It provides a unified approach for managing access control in a flexible and efficient manner.
E N D
Institute for Cyber Security Uni-ARBAC: A Unified Administrative Model for Role-Based Access Control Prosunjit Biswas, Ravi Sandhu and Ram Krishnan Department of Computer Science Department of Electrical and Computer Engineering 19th Information Security Conference, (ISC 2016) September 7-9, 2016 1 1 World-Leading Research with Real-World Impact!
Outline Summary Motivation Existing concepts and principles The Uni-ARBAC model Variations of Uni-ARBAC Engineering Administrative Units Conclusion 2 2 World-Leading Research with Real-World Impact!
Summary • We have presented a unified model (Uni-ARBAC) for administering user-role and permission-role assignments by combining many of the existing administrative principles. 3 3 World-Leading Research with Real-World Impact!
Crampton & Loizou model ARBAC97 ARBAC02 URBAC ... Motivation 4 4 World-Leading Research with Real-World Impact!
Inspiring concepts & principles Separation principle [ARBAC97] Separation of user & permission administration Separation of regular roles from administration Unification principles Task as a group of permissions [TRBAC] User-pool as a group of users [ARBAC02] 5 5 World-Leading Research with Real-World Impact!
Inspiring concepts & principles Design of administrative structure Strictly based on role hierarchy [Administrative scope] Flexible role hierarchy [Role-graph administration] Principles of role administration [UARBAC] Reversibility Administrative structure flexibility 6 6 World-Leading Research with Real-World Impact!
Variation of Uni-ARBAC Variation of Uni-ARBAC Aggressive inheritance model No-self administration model Discriminative revoke model
Engineering Administrative Units Role Graph 3. Iterate the process until all roles are partitioned into Administrative Units. 1. Use role hierarchy to discover senior and junior roles. “Senior-most” roles “Junior-most” roles 2.Separate senior-most and junior-most roles from role graph & define Administrative Units with these roles.
Examples of engineered Administrative units Fig1: Role hierarchy Fig2: Generated Administrative Units
Examples of engineered Administrative units Fig1: Role hierarchy Fig2: Generated Administrative Units
Conclusion Uni-ARBAC unifies different role administrative principles into a single model. It addresses different concerns raised in the literatures of role-based administration.
