Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2007
ACM
2007
ACM
Extended privilege inheritance in RBAC
In existing RBAC literature, administrative privileges are inherited just like ordinary user privileges. We argue that from a security viewpoint this is too restrictive, and we believe that a more flexible approach can be very useful in practice. We define an ordering on the set of administrative privileges, enabling us to extend the standard privilege inheritance relation in a natural way. This means that if a user has a particular administrative privilege, then she is also implicitly authorized for weaker administrative privileges. We prove the non-trivial result that it is possible to decide whether one administrative privilege is weaker than another and show how this result can be used to decide administrative requests in an RBAC security monitor. Categories and Subject Descriptors D.4.6 [Security and Protection]: Access controls Keywords Access control, RBAC, Administrative privileges
Real-time TrafficAdministrative Privileges | CCS 2007 | Ordinary User Privileges | Security Privacy | Weaker Administrative Privileges |
Related Content
| Added | 07 Jun 2010 |
| Updated | 07 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | CCS |
| Authors | M. A. C. Dekker, J. G. Cederquist, Jason Crampton, Sandro Etalle |
Comments (0)
Researcher Info
|
