2009 IEEE International Symposium on Policies for Distributed Systems and Networks
Towards Session-Aware RBAC Administration and Enforcement with XACML
London, UK
July 20-July 22
ISBN: 978-0-7695-3742-9
BibTeX:
@article{10.1109/POLICY.2009.27,
  author = {Min Xu and Duminda Wijesekera and Xinwen Zhang and Deshan Cooray},
  title = {Towards Session-Aware RBAC Administration and Enforcement with XACML},
  journal = {Policies for Distributed Systems and Networks, IEEE International Workshop on},
  volume = {0},
  year = {2009},
  isbn = {978-0-7695-3742-9},
  pages = {9-16},
  doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2009.27},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
An administrative role-based access control (ARBAC) model specifies administrative policies over a role-based access control (RBAC) system, where an administrative permission may change an RBAC policy by updating permissions assigned to roles, or assigning/revoking users to/from roles. Consequently, enforcing ARBAC policies over an active access controller while some users are using protected resources would result in conflicts: a policy may be in effect in the RBAC system while being updated by an ARBAC operation. Towards solving this concurrency problem, we propose a session-aware administrative model for RBAC. We show how the concurrency problem can be resolved by enhancing the eXtensible Access Control Markup Language (XACML) reference implementation. In order to do so, we develop an XACML-ARBAC profile to specify ARBAC policies, and enforce these policies by building an ARBAC enforcement module and a session administrative module. The former synchronizes with the evaluation of access control requests. The latter revokes conflicting ongoing user sessions immediately prior to enforcing administrative operations. Experimental studies show reasonable performance characteristics of our initial enhancement to Sun's reference implementation.
Citation:
Min Xu, Duminda Wijesekera, Xinwen Zhang, Deshan Cooray, "Towards Session-Aware RBAC Administration and Enforcement with XACML," policy, pp. 9-16, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, 2009
