Advanced Features for Enterprise-Wide Role-Based Access Control

Authors:
Axel Kern
Affiliations:
-
Venue:
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Year:
2002

Citing 0
Cited 17

An administration concept for the enterprise role-based access control model

Proceedings of the eighth ACM symposium on Access control models and technologies
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
A meta model for authorisations in application security systems and their integration into RBAC administration

Proceedings of the ninth ACM symposium on Access control models and technologies
Access-Control Language for Multidomain Environments

IEEE Internet Computing
Rule support for role-based access control

Proceedings of the tenth ACM symposium on Access control models and technologies
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control

ACM Transactions on Information and System Security (TISSEC)
Administration in role-based access control

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Distributed access control architecture and model for supporting collaboration and concurrency in dynamic virtual enterprises

International Journal of Computer Integrated Manufacturing
Flexible authorisation in dynamic e-business environments using an organisation structure-based access control model

International Journal of Computer Integrated Manufacturing
Specification and enforcement of flexible security policy for active cooperation

Information Sciences: an International Journal
Incorporating social-cultural contexts in role engineering: an activity theoretic approach

International Journal of Business Information Systems
Towards automatic update of access control policy

LISA'10 Proceedings of the 24th international conference on Large installation system administration
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)

Proceedings of the first ACM conference on Data and application security and privacy
Automatic error finding in access-control policies

Proceedings of the 18th ACM conference on Computer and communications security
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies

ACM Transactions on Information and System Security (TISSEC)
Policy analysis for self-administrated role-based access control

TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The administration of users and access rights in largeenterprises is a complex and challenging task. Roles area powerful concept for simplifying access control, but theirimplementation is normally restricted to single systems andapplications. In this article we define Enterprise Roles capableof spanning all IT systems in an organisation. Weshow how the Enterprise Role-Based Access Control (ER-BAC)model exploits the RBAC model outlined in the NISTstandard draft[5] and describe its extensions.We have implemented ERBAC as a basic concept of SAMJupiter, a commercial security administration tool. Basedon practical experience with the deployment of EnterpriseRoles during SAM implementation projects in large organisations,we have enhanced the ERBAC model by includingdifferent ways of parametrising the roles. We show thatusing parameters can significantly reduce the number ofroles needed in an enterprise and simplify the role structure,thereby reducing the administration effort considerably.The enhanced ERBAC features are illustrated by real-lifeexamples.