EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


15311 Dynamic User Role Assignment in Remote Access Control
Home Policy Brochure Browse Search User Area Contact Help

Saffarian, M. and Tang, Qiang and Jonker, W. and Hartel, P.H. (2009) Dynamic User Role Assignment in Remote Access Control. Technical Report TR-CTIT-09-14, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

Full text available as:

PDF

179 Kb
Open Access


Exported to Metis

Abstract

The Role-Based Access Control (RBAC) model has been widely
applied to a single domain in which users are known to the
administrative unit of that domain, beforehand. However,
the application of the conventional RBAC model for remote
access control scenarios is not straightforward. In such
scenarios, the access requestor is outside of the provider
domain and thus, the user population is heterogeneous and
dynamic. Here, the main challenge is to automatically assign
users to appropriate roles of the provider domain. Trust
management has been proposed as a supporting technique to
solve the problem of remote access control. The key idea is
to establish a mutual trust between the requestor and
provider based on credentials they exchange. However, a
credential doesn't convey any information about the behavior
of its holder during the time it is being used. Furthermore,
in terms of privileges granted to the requestor, existing
trust management systems are either too restrictive or not
restrictive enough. In this paper, we propose a new dynamic
user-role assignment approach for remote access control,
where a stranger requests for access from a provider domain.
Our approach has two advantages compared to the existing
dynamic user-role assignment techniques. Firstly, it
addresses the principle of least privilege without degrading
the efficiency of the access control system. Secondly, it
takes into account both credentials and the past behavior
of the requestor in such a way that he cannot compensate
for the lack of necessary credentials by having a good past
behavior.

Item Type:Internal Report (Technical Report)
Research Group:EWI-DIES: Distributed and Embedded Security, EWI-DB: Databases
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:SPCMHD: Secure Patient-Centric Management of Health Data
Uncontrolled Keywords:Secure Data Management, Remote Access Control
ID Code:15311
Deposited On:29 April 2009
International:Yes
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item