2009, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
This work discusses the methodological support that the SODA methodology provides for addressing access control issues within the context of Agent-Oriented Software Engineering (AOSE). It centers on Role-Based Access Control (RBAC), including its extension for Multi-Agent Systems (RBAC-MAS), and identifies the requirements necessary for engineering an RBAC system. The paper illustrates how SODA meets these requirements through a practical case study focused on managing access control to a university building, demonstrating the importance of separating access policy and mechanism design.
37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the, 2004
Recently RBAC (role-based access control) was found to be among the most attractive solutions for providing access control in web-based e-commerce and e-government applications. Usually, such systems involve a huge number of heterogeneous users working with the systems under different rights and obligations. In an RBAC authorization and access control system the users are assigned to roles which are derived from the organizational structure. Because of the huge number of users and the diversity of their requirements, the administration of an RBAC system becomes crucial. Our group is involved in the European funded Webocracy project, in which we have designed and implemented an RBAC system based on the Core RBAC model as defined in a proposed NIST standard. Based on the functional specification of the proposed NIST standard, we specified administration requirements for managing roles, users and permissions. In this paper we present an administration console, which we designed to implement these requirements.
IEEE Security & Privacy Magazine, 2007
In 2004, the American National Standards Institute approved the Role-Based Access Control standard to fulfill "a need among government and industry purchasers of information technology products for a consistent and uniform definition of role based access control (RBAC) features". Such uniform definitions give IT product vendors and customers a common and unambiguous terminology for RBAC features, which can lead to wider adoption of RBAC and increased productivity.
Proceedings of the 2nd ACM symposium on Information, computer and communications security, 2007
Administration of large-scale RBAC systems is a challenging open problem. We propose a principled approach in designing and analyzing administrative models for RBAC. We identify six design requirements for administrative models of RBAC. These design requirements are motivated by three principles for designing security mechanisms: (1) flexibility and scalability, (2) psychological acceptability, and (3) economy of mechanism. We then use these requirements to analyze several approaches to RBAC administration, including ARBAC97 [21, 23, 22], SARBAC [4, 5], and the RBAC system in the Oracle DBMS. Based on these requirements and the lessons learned in analyzing existing approaches, we design UARBAC, a new family of administrative models for RBAC that has significant advantages over existing models.
Proceedings of the 3rd ACM workshop on Secure web services - SWS '06, 2006
Nowadays many organizations use security policies to control access to sensitive resources. Moreover, exchanging or sharing services and resources is essential for these organizations to achieve their business objectives. Since the eXtensible Access Control Markup Language (XACML) was standardized by the OASIS community, it has been widely deployed, making it easier to interoperate with other applications using the same standard language. The OASIS has defined an RBAC profile of XACML that illustrates how organizations that would like to use the RBAC model can express their access control policy within this standard language. This work analyzes the RBAC profile of XACML, showing its limitations in responding to all the requirements for access control. We then suggest adding some functionalities within an extended RBAC profile of XACML. This new profile is expected to respond to more advanced access control requirements such as user-user delegation, access element abstractions and contextual applicability of the policies.
2018
First of all, I would like to thank God who gave me strength and effort to complete my master thesis. I would also like to express my sincere gratitude to those who gave me assistance and support during my master study, especially my parents and my wife. I would also like to thank my thesis advisor, Professor Dr. Rashid Jayousi, who served on my thesis committee, for his continuous support and advice at all stages of my work. My deepest gratitude and appreciation goes to Dr. Radwan Tahboub and Dr. Badie Sartawi as external and internal examiners of this thesis, and I am gratefully indebted to them for their very valuable comments on this thesis.
Proceedings of the fourth ACM workshop on Role-based access control - RBAC '99, 1999
This project seeks to provide a single, GUI based security management interface for an existing, highly complex information systems environment. Among the identified requirements and goals for this project are the use of Commercial Off-The-Shelf software, and the implementation of a foundation for an RBAC based approach to security management. This paper presents an overview of the RBAC salient issues that have been surfaced by initial efforts. This paper also highlights some of the challenges faced in migration from an existing environment that has been developed over time and is largely segmented in both user communities and support groups to a centralized RBAC environment.
The main feature of a secure information system is protecting the sensitive data and services of an organization. This goal can be achieved via enforcing various security controls such as authentication, authorization, encryption, intrusion detection, audit, availability and privacy mechanisms. Among those mechanisms, access control is considered one of the most important and strongest driving forces for protecting data and preserving privacy. It orchestrates access to resources based on appropriate rights in defined policies. On the other hand, resources in charge of administrating access control policies, like Database Management Systems (DBMSs), can easily permit the following malfunctions. (1) The record of illegal updates leading to non-compliance between the concrete instance of the policy and its original specification. This can occur following an intrusion attempt or an illegal delegation of rights. (2) DBMSs usually support several mechanisms for managing access control such as DAC, MAC, RBAC based access, etc. This can lead to redundancy, inconsistency and contradiction in the expression of the low level policy if it is managed using more than one mechanism. In this paper, we provide a synthesis of the problem of non-conformity in concrete RBAC-based policies. Then, we introduce a formal system to face this problem. The proposal relies on logic-like formalisms which offer a solid environment to verify access control properties. After that, we discuss the relevance of our proposal and provide future directions.
2004
Access control is a main security issue in the management of complex information systems as well as Multi-agent Systems (MAS). In this paper we discuss the application of the Role-Based Access Control (RBAC) model in the context of the TuCSoN coordination infrastructure for MAS. RBAC models and their extensions are currently considered the most effective approach for engineering access control in complex information systems and dynamic organisations.
Proceedings of the 13th ACM symposium on Access control models and technologies - SACMAT '08, 2008
Large and distributed access control systems are increasingly common, for example in health care. In such settings, access control policies may become very complex, thus complicating correct and efficient administration of the access control system. Despite being one of the most widely used access control standards, RBAC does not include an administration model for distributed systems. In this paper we fill this gap. We present a model for the administration of RBAC in a distributed system and propose an administration procedure supporting the principle that different systems protect different sets of objects. We demonstrate that our procedure fulfills the formal requirements deriving from safety and availability, and we show how it can be translated to a practical implementation. Finally, we show how our model can be extended with multiple decentralized administrative systems.
2011 Ninth Annual International Conference on Privacy, Security and Trust, 2011
International Journal of Information Security, 2010
Lecture Notes in Computer Science, 2003
Proceedings of the fifth ACM workshop on Role-based access control - RBAC '00, 2000
ACM Transactions on Information and System Security, 2001
Data and Applications …, 2010
2009 Annual Computer Security Applications Conference, 2009
IFIP International Federation for Information Processing