Security policy management for systems employing role based access control model

Cited by: 7
Authors
Huang, Chao [1]
Sun, Jianling [1]
Wang, Xinyu [1]
Si, Yuanjie [1]
Affiliation
[1] College of Computer Science, Zhejiang University, Hangzhou, Zhejiang, 310027
Keywords
Cardinality constraint; Policy checking; Policy inconsistency; Policy redundancy; Role hierarchy; Separation of duty
DOI
10.3923/itj.2009.726.734
Abstract
In this study, we propose redundancy and inconsistency checking algorithms to support the policy management of systems employing the role-based access control model. The present method is based on formal definitions of policy redundancy and policy inconsistency. By constructing a role graph, we analyze each type of redundancy and inconsistency in turn. According to the features of each type of redundancy and inconsistency, the present algorithm checks for all possible violations and generates the related policy elements to help the security administrator amend the policy afterwards. The performance test demonstrates that the approach is efficient enough for practical use. The present approach can guarantee the conciseness as well as the consistency of the access control policy, and at the same time reduce the burden of access control administration significantly. © 2009 Asian Network for Scientific Information.
Pages: 726 / 734
Page count: 8