Administration of access control in information systems using URBAC model

• Autorzy: Poniszewska-Marańda A.
• Języki publikacji: EN

Abstrakty

EN

Since the value of information is constantly growing more and more businesses are in need for information system to aid them with information gathering and processing. The most important issue that arises here is how to ensure safety of this data that may be held on servers, personal computers or PDAs. This is where access control comes in. The main role of access control is to ensure that no unauthorized user will be able to gain access to resources and be able to copy or modify them. The paper deals with the process of access control administration in information systems with the use of usage role-based control approach. The presented process is based on the role engineering concept that includes the creation of security schema of access control divided between two actors - application/system developer and security administrator. They realize their tasks during two main phases that allow to define the complete access control schema for information systems of an organization.

Słowa kluczowe

EN

access control of information systems; usage role-based access control; role engineering; administration of access control

PL

kontrola dostępu w systemach informatycznych; kontrola dostępu oparta na rolach; role engineering; administrowanie kontrolą dostępu

• Wydawca: Wydawnictwo Politechniki Łódzkiej
• Czasopismo: Journal of Applied Computer Science
• Rocznik: 2011
• Tom: Vol. 19, nr 2
• Strony: 89--109
• Opis fizyczny: Bibliogr. 17 poz.

Twórcy

autor

Poniszewska-Marańda A.

• Institute of Information Technology, Technical University of Lodz, Poland, Wólczańska 215, 90-924 Łódź,

Bibliografia

• [1] Sandhu, R. S. and Samarati, P., Access Control: Principles and Practice, IEEE Communication, Vol. 32, No. 9, 1994, pp. 40-48.
• [2] Ferraiolo, D., Sandhu, R. S., Gavrila, S., Kuhn, D. R., and Chandramouli, R., Proposed NIST Role-Based Access control, ACM Transactions on Information and Systems Security, 2001.
• [3] Sandhu, R. and Bhamidipati, V., The ASCAA Principles for Next-Generation Role-Based Access Control, In: 3rd International Conference on Availability, Reliability and Security (ARES), Spain" 2008.
• [4] Pretschner, A., Hilty, M., and Basin, D., Distributed usage control, Communications of the ACM, Vol. 49, No. 9, 2006, pp. 39-44.
• [5] Park, J., Zhang, X., and Sandhu, R., Attribute Mutability in Usage Control, In: 18th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, 2004.
• [6] Park, J. and Sandhu, R., The UCON ABC Usage Control Model, ACM Transactions on Information and System Security, No. 7, 2004.
• [7] X. Zhang, F. Parisi-Presicce, R. S. and Park, J., Formal Model and Policy Specification of Usage Control, ACM Transactions on Information and System Security, Vol. 8, No. 4, 2005, pp. 351-387.
• [8] Goncalves, G. and Poniszewska-Marańda, A., Role engineering: from design to evaluation of security schemas, Journal of Systems and Software, Elsevier, Vol. 81, No. 8, 2008, pp. 1306-1326.
• [9] Poniszewska-Maranda, A., Implementation of Access Control Model for Distributed Information Systems using Usage Control, SIIS 2011, LNCS, Vol. 7053, 2011, pp. 54-67.
• [10] Ahn, G.-J. and Sandhu, R. S., Role-based Authorization Constraints Specification, ACM Transactions on Information and Systems Security, 2000.
• [11] M. Ben Ghorbel, F. Cuppens, N. C.-B. and Bouhoula, A., An extended rolebased access control model for delegating obligations, LNCS, Vol. 5695, No. 2, 2009, pp. 127-137.
• [12] Poniszewska-Marańda, A., Conception Approach of Access Control in Heterogeneous Information Systems using UML, Journal of Telecommunication Systems, Springer-Verlag Heidelberg, Vol. 45, No. 2-3, 2010, pp. 177-190.
• [13] Neumann, G. and Strembeck, M., A Scenario-driven Role Engineering Process for Functional RBAC Roles, In: 7th ACMSymposium on Access Control Models and Technologies (SACMAT), 2002.
• [14] Coyne, E. and Davis, J., Role Engineering for Enterprise Security Management, Artech House, 2008, Artech House.
• [15] Basin, D., Doser, J., and Lodderstedt, T., Model driven security: From UML models to access control infrastructures, ACM Transactions on Software Engineering Methodology, Vol. 15, 2006, pp. 39-91.
• [16] G. Booch, J. R. and Jacobson, I., The Unified Modeling Language User Guide, Addison Wesley, 2004.
• [17] Group, O. M., OMG Unified Modeling Language (OMG UML): Superstructure, Tech. Rep. Version 2.2, 2009.