The Center for Education and Research in Information Assurance and Security (CERIAS)

X-GTRBAC Admin: A decentralized administration model for enterprise-wide access control

Author

Elisa Bertino, Rafae Bhatti, Basit Shafiq, Arif Ghafoor, James B.D. Joshi

Entry type

article

Abstract

The modern enterprise spans several functional units or administrative domains with diverse authorization requirements. Access control policies in an enterprise environment typically express these requirements as authorization constraints. While desirable for access control, constraints can lead to conflicts in the overall policy in a multidomain environment. The administration problem for enterprise-wide access control, therefore, not only includes authorization management for users and resources within a single domain but also conflict resolution among heterogeneous access control policies of multiple domains to allow secure interoperation within the enterprise. This work presents design and implementation of X-GTRBAC Admin, an administration model that aims at enabling administration of role-based access control (RBAC) policies in the presence of constraints with support for conflict resolution in a multidomain environment. A key feature of the model is that it allows decentralization of policy administration tasks through the abstraction of administrative domains, which not only simplifies authorization management, but is also fundamental to the concept of decentralized conflict resolution presented. The paper also illustrates the applicability of the outlined administrative concepts in a realistic enterprise environment using an implementation prototype that facilitates policy administration in large enterprises.

Date

2005

Journal

ACM Transactions on Information and System Security

Key alpha

Bertino

Pages

388-423

Publisher

ACM

Volume

8

Affiliation

Purdue University

Publication Date

2005-00-00

Issn

1094-9224
