Decentralized user group assignment in Windows NT

Gail-Joon Ahn, Ravi Sandhu

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups. Each user within a group inherits the rights associated with that group. In this paper, we describe an experiment to extend the Windows NT group mechanism in two significant ways that are useful in managing group-based access control in large-scale systems. The goal of our experiment is to demonstrate how group hierarchies (where groups include other groups) and decentralized user-group assignment (where administrators are selectively delegated authority to assign certain users to certain groups) can be implemented by means of Microsoft remote procedure call (RPC) programs. In both respects the experimental goal is to implement previously published models (RBAC96 for group hierarchies and URA97 for decentralized user-group assignment). Our results indicate that Windows NT has adequate flexibility to accommodate sophisticated access control models to some extent.

Original language: English (US)
Pages (from-to): 39-49
Number of pages: 11
Journal: Journal of Systems and Software
Volume: 56
Issue number: 1
State: Published - Feb 1 2001
Externally published: Yes

Fingerprint

Access control
Large scale systems
Experiments

Keywords

  • Role-based access control
  • Security
  • Windows NT

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Cite this

Decentralized user group assignment in Windows NT. / Ahn, Gail-Joon; Sandhu, Ravi.

In: Journal of Systems and Software, Vol. 56, No. 1, 01.02.2001, p. 39-49.


@article{308c073689604f12b5ef90879d904e14,
title = "Decentralized user group assignment in Windows NT",
abstract = "The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups. Each user within a group inherits the rights associated with that group. In this paper, we describe an experiment to extend the Windows NT group mechanism in two significant ways that are useful in managing group-based access control in large-scale systems. The goal of our experiment is to demonstrate how group hierarchies (where groups include other groups) and decentralized user-group assignment (where administrators are selectively delegated authority to assign certain users to certain groups) can be implemented by means of Microsoft remote procedure call (RPC) programs. In both respects the experimental goal is to implement previously published models (RBAC96 for group hierarchies and URA97 for decentralized user-group assignment). Our results indicate that Windows NT has adequate flexibility to accommodate sophisticated access control models to some extent.",
keywords = "Role-based access control, Security, Windows NT",
author = "Gail-Joon Ahn and Ravi Sandhu",
year = "2001",
month = "2",
day = "1",
language = "English (US)",
volume = "56",
pages = "39--49",
journal = "Journal of Systems and Software",
issn = "0164-1212",
publisher = "Elsevier Inc.",
number = "1",

}

TY - JOUR

T1 - Decentralized user group assignment in Windows NT

AU - Ahn, Gail-Joon

AU - Sandhu, Ravi

PY - 2001/2/1

Y1 - 2001/2/1

N2 - The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups. Each user within a group inherits the rights associated with that group. In this paper, we describe an experiment to extend the Windows NT group mechanism in two significant ways that are useful in managing group-based access control in large-scale systems. The goal of our experiment is to demonstrate how group hierarchies (where groups include other groups) and decentralized user-group assignment (where administrators are selectively delegated authority to assign certain users to certain groups) can be implemented by means of Microsoft remote procedure call (RPC) programs. In both respects the experimental goal is to implement previously published models (RBAC96 for group hierarchies and URA97 for decentralized user-group assignment). Our results indicate that Windows NT has adequate flexibility to accommodate sophisticated access control models to some extent.

KW - Role-based access control

KW - Security

KW - Windows NT

UR - http://www.scopus.com/inward/record.url?scp=0347665020&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0347665020&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:0347665020

VL - 56

SP - 39

EP - 49

JO - Journal of Systems and Software

JF - Journal of Systems and Software

SN - 0164-1212

IS - 1

ER -