The role control center

Features and case studies

David F. Ferraiolo, Gail-Joon Ahn, R. Chandramouli, Serban I. Gavrila

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)

Abstract

Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products are used for centralized management of authorizations for resources resident in several heterogeneous systems (called target systems) distributed throughout the enterprise. The RBAC model used in an ESMS is called the Enterprise RBAC model (ERBAC). An ERBAC model can be used to specify not only sophisticated access requirements centrally for resources resident in several target systems, but also administrative data required to map those defined access requirements to the access control structures native to the target platforms. However, the ERBAC model (i.e., the RBAC implementation) supported in many commercial ESMS products has not taken full advantage of policy specification capabilities of RBAC. In this paper we describe an implementation of ESMS called the 'Role Control Center' (RCC) that supports an ERBAC model that includes features such as general role hierarchy, static separation of duty constraints, and an advanced permission review facility (as defined in NIST's proposed RBAC standard). We outline the various modules in the RCC architecture and describe how they collectively provide support for authorization administration tasks at the enterprise and target-system levels.

Original language: English (US)
Title of host publication: Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
Pages: 12-20
Number of pages: 9
State: Published - 2003
Externally published: Yes
Event: Proceedings of Eighth ACM Symposium on Access Control Models and Technologies - Villa Gallia, Como, Italy
Duration: Jun 2 2003 – Jun 3 2003

Other

Other: Proceedings of Eighth ACM Symposium on Access Control Models and Technologies
Country: Italy
City: Villa Gallia, Como
Period: 6/2/03 – 6/3/03

Fingerprint

Access control
Industry
Specifications

Keywords

  • Administrative roles
  • Authorization management
  • Role graph
  • Role hierarchy
  • Separation of duty

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Ferraiolo, D. F., Ahn, G-J., Chandramouli, R., & Gavrila, S. I. (2003). The role control center: Features and case studies. In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002) (pp. 12-20)

The role control center : Features and case studies. / Ferraiolo, David F.; Ahn, Gail-Joon; Chandramouli, R.; Gavrila, Serban I.

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002). 2003. p. 12-20.

Ferraiolo, DF, Ahn, G-J, Chandramouli, R & Gavrila, SI 2003, The role control center: Features and case studies. in Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002). pp. 12-20, Proceedings of Eighth ACM Symposium on Access Control Models and Technologies, Villa Gallia, Como, Italy, 6/2/03.
Ferraiolo DF, Ahn G-J, Chandramouli R, Gavrila SI. The role control center: Features and case studies. In Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002). 2003. p. 12-20
Ferraiolo, David F. ; Ahn, Gail-Joon ; Chandramouli, R. ; Gavrila, Serban I. / The role control center : Features and case studies. Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002). 2003. pp. 12-20
@inproceedings{338e2a446a9949ad804a0896bbfcd9b4,
title = "The role control center: Features and case studies",
abstract = "Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products are used for centralized management of authorizations for resources resident in several heterogeneous systems (called target systems) distributed throughout the enterprise. The RBAC model used in an ESMS is called the Enterprise RBAC model (ERBAC). An ERBAC model can be used to specify not only sophisticated access requirements centrally for resources resident in several target systems, but also administrative data required to map those defined access requirements to the access control structures native to the target platforms. However, the ERBAC model (i.e., the RBAC implementation) supported in many commercial ESMS products has not taken full advantage of policy specification capabilities of RBAC. In this paper we describe an implementation of ESMS called the 'Role Control Center' (RCC) that supports an ERBAC model that includes features such as general role hierarchy, static separation of duty constraints, and an advanced permission review facility (as defined in NIST's proposed RBAC standard). We outline the various modules in the RCC architecture and describe how they collectively provide support for authorization administration tasks at the enterprise and target-system levels.",
keywords = "Administrative roles, Authorization management, Role graph, Role hierarchy, Separation of duty",
author = "Ferraiolo, {David F.} and Gail-Joon Ahn and R. Chandramouli and Gavrila, {Serban I.}",
year = "2003",
language = "English (US)",
pages = "12--20",
booktitle = "Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)",

}

TY - GEN

T1 - The role control center

T2 - Features and case studies

AU - Ferraiolo, David F.

AU - Ahn, Gail-Joon

AU - Chandramouli, R.

AU - Gavrila, Serban I.

PY - 2003

Y1 - 2003

N2 - Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products are used for centralized management of authorizations for resources resident in several heterogeneous systems (called target systems) distributed throughout the enterprise. The RBAC model used in an ESMS is called the Enterprise RBAC model (ERBAC). An ERBAC model can be used to specify not only sophisticated access requirements centrally for resources resident in several target systems, but also administrative data required to map those defined access requirements to the access control structures native to the target platforms. However, the ERBAC model (i.e., the RBAC implementation) supported in many commercial ESMS products has not taken full advantage of policy specification capabilities of RBAC. In this paper we describe an implementation of ESMS called the 'Role Control Center' (RCC) that supports an ERBAC model that includes features such as general role hierarchy, static separation of duty constraints, and an advanced permission review facility (as defined in NIST's proposed RBAC standard). We outline the various modules in the RCC architecture and describe how they collectively provide support for authorization administration tasks at the enterprise and target-system levels.

KW - Administrative roles

KW - Authorization management

KW - Role graph

KW - Role hierarchy

KW - Separation of duty

UR - http://www.scopus.com/inward/record.url?scp=0242709323&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242709323&partnerID=8YFLogxK

M3 - Conference contribution

SP - 12

EP - 20

BT - Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

ER -