X-GTRBAC Admin

Author:

Bhatti Rafae¹, Shafiq Basit¹, Bertino Elisa¹, Ghafoor Arif¹, Joshi James B. D.²

Affiliation:

1. Purdue University, IN

2. University of Pittsburgh, PA

Abstract

The modern enterprise spans several functional units or administrative domains with diverse authorization requirements. Access control policies in an enterprise environment typically express these requirements as authorization constraints. While desirable for access control, constraints can lead to conflicts in the overall policy in a multidomain environment. The administration problem for enterprise-wide access control, therefore, not only includes authorization management for users and resources within a single domain but also conflict resolution among heterogeneous access control policies of multiple domains to allow secure interoperation within the enterprise. This work presents the design and implementation of X-GTRBAC Admin, an administration model that aims at enabling administration of role-based access control (RBAC) policies in the presence of constraints with support for conflict resolution in a multidomain environment. A key feature of the model is that it allows decentralization of policy administration tasks through the abstraction of administrative domains, which not only simplifies authorization management, but is also fundamental to the concept of decentralized conflict resolution presented. The paper also illustrates the applicability of the outlined administrative concepts in a realistic enterprise environment using an implementation prototype that facilitates policy administration in large enterprises.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; General Computer Science

Cited by 9 articles.

1. Role-Based Administration of Role-Based Smart Home IoT;Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems;2021-04-26

2. Securing Loosely-Coupled Collaboration in Cloud Environment through Dynamic Detection and Removal of Access Conflicts;IEEE Transactions on Cloud Computing;2016-07-01

3. A Framework for Composition and Enforcement of Privacy-Aware and Context-Driven Authorization Mechanism for Multimedia Big Data;IEEE Transactions on Multimedia;2015-09

4. Risk Aware Query Replacement Approach for Secure Databases Performance Management;IEEE Transactions on Dependable and Secure Computing;2015-03

5. Collaborative Policy Administration;IEEE Transactions on Parallel and Distributed Systems;2014-02
