For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
Algorithms for Generating XML Documents from Probabilistic XML
p.1578
An Administration Iteration Problem and its Solution when Deploying the RBAC Model
p.1584
An Analysis Method of Semantic Relevancy on Controlled Tag
p.1588
An Approach to Detect Similar Script Functions in Web Applications Based on Calling Information
p.1593
An Audit-Integrated ARBAC Model
p.1600
An Efficient Approach of Convex Hull Triangulation Based on Monotonic Chain
p.1605
An Improved Ant Colony Optimization for VRP with Time Windows
p.1609
An Improved Three-Dimensional Target Octonion Representation
p.1614
Construction and Application of WD-GA-SVR Model - CSI 300 Index Forecast
p.1619

An Audit-Integrated ARBAC Model

Article Preview

Abstract:

Role-Based Access Control (RBAC) model is the main-stream access control model. When addressing large-scale and distributed application, the highest Security Administrator(SA) of RBAC model always try to transfer his management authority to his inferior SAs to decrease his workload. However, How to ensure that these inferior SAs perform their management authorities legally is a big problem. Although there are a technology framework of administrative RBAC model, named ARBAC97, the supervise mechanism and audit mechanism on the utilization of transferred authorities is incomplete in RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a right and liability mechanism has been set up, an audit role is defined and auditing permission is assigned to this role. At the same time, we put forwards two types basic audit business: routine audit and accident audit. As to accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The Au-ARBAC model can help to improve the Consciousness of authorization responsibility and to perform their management authorities responsibly and legally.

You might also be interested in these eBooks
Information Technology Applications in Industry View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 263-266)

Pages:

1600-1604

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.263-266.1600

Citation:

Cite this paper

Online since:

December 2012

Authors:

Qiang Liu, Jian Hua Zhang

Keywords:

ARBAC, Audit, RBAC, Right and Liability Mechanism

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2013 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

References

[1] Sandhu R., Coyne E.J., Feinstein et al.Role-based access controlmodels.IEEE Computer,1996, 29(2):38-47.

Google Scholar

[2] Sandhu R., Bhamidipati.R, Munawer.R. The ARBAC97 Model for Role-Based Administration of Roles. ACM Transactions on Information and System Security, 1999,2(1): 105-135.

DOI: 10.1145/300830.300839

Google Scholar

[3] J. Crampton and G. Loizou. Administrative scope: A foundation for role-based administrative models[J]. Transactions on Information System Security (TISSEC),2003, 6(2), p.201~231

DOI: 10.1145/762476.762478

Google Scholar

[4] Li NH, Winsborough WH, Mitchell JC. Beyond proof-of-compliance: Safety and availability analysis in trust management[C]. In: Proceedings of the IEEE Symposium on Security and Privacy. Oakland: IEEE Computer Society Press, 2003,p.123~139.

Google Scholar

[5] Li NH, Tripunitara MV. Security analysis in role-based access control[C]. In: Proceedings. of the 9th ACM Symposium on Access Control Models and Technologies (SACMAT 2004). 2004. p.126~135.

DOI: 10.1145/990036.990058

Google Scholar

[6] Sasturkar, A.Ping Yang. Stoller, S.D. Ramakrishnan, C.R. Policy analysis for administrative role based access control[C]. In: Proceedings. of 19th IEEE Workshop on Computer Security Foundations. (2006)

DOI: 10.1109/csfw.2006.22

Google Scholar

[7] Cholvy L., Cuppens F. Analyzing consistency of security policies. In: Proceedings of 1997 IEEE Symposium on Security and Privacy,1997, Oakland, USA.

DOI: 10.1109/secpri.1997.601324

Google Scholar

[8] Dinesh N., Joshi A., Lee I. et al.. Permission to speak: A logic for access control and conformance. Journal of Logic and Algebraic Programming,2011, 80(1): 50-74.

DOI: 10.1016/j.jlap.2009.12.002

Google Scholar

[9] Frode H., Vladimir O. Conformance Checking of RBAC Policyand Its Implementation. Lecture Notes in Computer Science,2005,34(39): 144-155

Google Scholar

[10] Sandhu R., Bhamidipati V.. The ASCAA Principles for Next-Generation Role-Based Access Control. In: Proceedings of 3rd International Conference on Availability, Reliability and Security.2008, Barcelona, Spain.

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.