The Community for Technology Leaders
Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
ISBN: 1-4244-0198-4
pp: 61
R. Adaikkalavan , Dept. of Comput. Sci. Eng., Texas Univ., Arlington, TX, USA
S. Chakravarthy , Dept. of Comput. Sci. Eng., Texas Univ., Arlington, TX, USA
ABSTRACT
In role-based access control (RBAC), users and objects are assigned to one or more roles. Users should be active in the role that has the required permissions before access is granted. Thus, users should be aware of the role-permission assignments for activating the required roles. In general, with respect to role activations, current systems follow the human-active, system-passive model. Users often get swamped with role activations due to numerous factors that include increase in the number of objects, multiple role assignments, and shifting roles often, and lean toward activating all the assigned roles violating the principle of least privilege (PLP). In this paper, we introduce smartaccess, a system based on the system-active, human-passive model that allows users to concentrate on what objects they need, rather than what role should be activated in order to carry on their work efficiently. Furthermore, it provides access control by preserving the PLP and without any information leak. We provide algorithms for discovering roles and analyze various associated factors.
INDEX TERMS
human-passive model, discovery-based role activation, role-based access control, RBAC, role-permission assignment, smartaccess system, system-active model
CITATION
R. Adaikkalavan, S. Chakravarthy, "Discovery-based role activations in role-based access control", Performance, Computing, and Communications Conference, 2002. 21st IEEE International, vol. 00, no. , pp. 61, 2006, doi:10.1109/.2006.1629439
97 ms
(Ver 3.3 (11022016))