Greedy algorithm for least privilege in RBAC model
COCOA'11 Proceedings of the 5th international conference on Combinatorial optimization and applications
| Hi-index | 0.00 |
In current Grid systems there is a tradeoff between flexibility and security in the context of delegation. Based on the traditional Role-Based-Access-Control module, in order to fulfill the "least privilege" principle, a new delegation model is proposed. This model introduces a task-policy based method to restrict the max privileges a task can delegate; combines static and dynamic delegation method to avoid task being interrupted by lack of privileges during execution; makes use of the credit card mechanism to ensure convenience and reduce risks.