EEMCS
Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Sitemap
 Search
 Organisation

EEMCS EPrints Service


8161 Extended Privilege Inheritance in RBAC
 Home Policy Brochure Browse Search User Area Contact Help

Dekker, M.A.C. and Cederquist, J.G. and Crampton, J. and Etalle, S. (2006) Extended Privilege Inheritance in RBAC. Technical Report TR-CTIT-07-36, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

This is the latest version of this eprint.

Full text available as:

PDF
 - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
175 Kb
Exported to Metis

Abstract

In existing RBAC literature, administrative privileges are inherited just like ordinary user privileges. We argue that from a security viewpoint this is too restrictive, and we believe that a more flexible approach can be very useful in practice. We define an ordering on the set of administrative privileges, enabling us to extend the standard privilege inheritance relation in a natural way. This means that if a user has a particular administrative privilege, then she is also implicitly authorized for weaker administrative privileges. We prove the non-trivial result that it is possible to decide whether one administrative privilege is weaker than another and show how this result can be used to decide administrative requests in an RBAC security monitor.

Item Type:Internal Report (Technical Report)
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:PAW: Privacy in an Ambient World, Account: Accountability in Electronic Commerce Protocols
ID Code:8161
Deposited On:19 June 2007
Refereed:No
More Information:statisticsmetis

Available Versions of this Item

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item