The Center for Education and Research in Information Assurance and Security (CERIAS)

Managing Risks in RBAC Employed Distributed Environments

Author

Elisa Bertino, Ebru Celikel, Murat Kantarcioglu, Bhavani Thuraisingham

Entry type

book

Abstract

Role Based Access Control (RBAC) has been introduced in an effort to facilitate authorization in database systems. It introduces roles as a new layer in between users and permissions. This not only provides a well-maintained access granting mechanism, but also alleviates the burden of managing multiple users. While providing comprehensive access control, current RBAC models and systems do not take into consideration the possible risks that can be incurred with role misuse. In distributed environments a large number of users is a very common case, and a considerable number of them are first-time users. This fact magnifies the need to measure risk before and after granting an access. We investigate the means of managing risks in RBAC employed distributed environments and introduce a novel probability-based risk model. Based on each role, we use information about user credentials, current user queries, role history log and expected utility to calculate the overall risk. By executing data mining on query logs, our scheme generates normal query clusters. It then assigns different risk levels to individual queries, depending on how far they are from the normal clusters. We employ three types of granularity to represent queries in our architecture. We present experimental results on real data sets and compare the performances of the three granularity levels.

Date

2007

Booktitle

On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS

Key alpha

Bertino

Pages

1548-1566

Publisher

Springer Berlin / Heidelberg

Series

Lecture Notes in Computer Science

Volume

4804

Affiliation

Purdue University

Publication Date

2007-00-00

Copyright

2007
