Extended privilege inheritance in RBAC

Dekker, M.A.C.; Cederquist, J.G.; Crampton, J.; Etalle, S.

Extended privilege inheritance in RBAC

conference paper

2007

Dekker, M.A.C.

Cederquist, J.G.

Crampton, J.

Etalle, S.

In existing RBAC literature, administrative privileges are inherited just like ordinary user privileges. We argue that from a security viewpoint this is too restrictive, and we believe that a more flexible approach can be very useful in practice. We define an ordering on the set of administrative privileges, enabling us to extend the standard privilege inheritance relation in a natural way. This means that if a user has a particular administrative privilege, then she is also implicitly authorized for weaker administrative privileges. We prove the non-trivial result that it is possible to decide whether one administrative privilege is weaker than another and show how this result can be used to decide administrative requests in an RBAC security monitor. Copyright 2007 ACM.

Topics

Access control Administrative privileges RBAC Cryptography Data structures Security systems User interfaces Administrative privileges Security monitors Authentication

TNO Identifier

240211

Repository link

https://resolver.tno.nl/uuid:9ae89e89-eb3c-42c8-a40f-a9099a81c3c2

ISBN

1595935746
9781595935748

Source title

2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS '07, 20 March 2007 through 22 March 2007, Singapore, Conference code: 70307

Pages

383-385

Files

To receive the publication files, please send an e-mail request to TNO Repository.

Extended privilege inheritance in RBAC

Make TNO yours!