System administrators typically have unrestricted access to all files and programs on a system, with no enforced principle of least privilege. This unrestricted access also complicates auditing: many different users might have superuser access, and the audit trail may not distinguish between the actual users, instead recording all access as being by "superuser". These two issues raise further compliance concerns for organizations subject to government regulations (such as Sarbanes-Oxley in the United States). In this paper we present a reference architecture for an access control mechanism that addresses this issue by focusing specifically on the control and audit of system administrators. This reference architecture has been implemented and widely deployed. We describe some of its capabilities through a case study.