Abstract
Role Based Access Control (RBAC) [3] is a popular approach to specifying and enforcing security policies in organizations. In large enterprise systems, the number of users, roles and permissions can run into the hundreds or thousands, and security management can become a tedious task. One way to simplify security management in RBAC is to decentralize the specification and enforcement of dynamic constraints [7]. In this paper, we discuss the issues involved in supporting secure role activation and authorization when this decentralized approach to role activation management is adopted. Secure protocols are proposed to handle the processes of role assignment, role activation and authorization.
References
Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights (2003), http://eprint.iacr.org/curr/
Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-based access control. Artech House, Boston (2003)
Hitchens, M., Varadharajan, V., Saunders, G.: Policy administration domains. In: ACISP, pp. 286–302 (2002)
Kim, S., Park, S., Won, D.: Proxy signatures, revisited. In: Han, Y., Qing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 223–232. Springer, Heidelberg (1997)
Lee, G., Kim, W., Kim, D.-K., Yeh, H.: Effective web-related resource security using distributed role hierarchy. In: WAIM, pp. 87–96 (2004)
Lui, R.W.C., Chow, S.S.M., Hui, L.C.K., Yiu, S.M.: Role activation management in role based access control. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 358–369. Springer, Heidelberg (2005) (to appear)
Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures: Delegation of the power to sign messages. IEICE Trans. on Fundamentals E79-A(9), 1338–1354 (1996)
Montenegro, J.A., Moya, F.: A practical approach of X.509 attribute certificate framework as support to obtain privilege delegation. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 160–172. Springer, Heidelberg (2004)
Nicolosi, A., Krohn, M., Dodis, Y., Mazières, D.: Proactive two-party signatures for user authentication. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, February 2003, pp. 233–24 (2003)
Park, J.S., Sandhu, R.S.: RBAC on the web by smart certificates. In: ACM Workshop on Role-Based Access Control, pp. 1–9 (1999), citeseer.nj.nec.com/park99rbac.html
Park, J.S., Sandhu, R.S., Ghanta, S.: RBAC on the web by secure cookies. In: DBSec, pp. 49–62 (1999)
Sandhu, R., Chandramouli, R.: Role based access control features in commercial database management systems. In: 21st National Information Systems Security Conference, Crystal City, Virginia, October 6-9 (1998)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Technical Report MIT/LCS/TM-82 (1977)
Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: IEEE Computer Security Foundations Workshop, pp. 183–194 (1997)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Lui, R.W.C., Hui, L.C.K., Yiu, S.M. (2005). Secure Role Activation and Authorization in the Enterprise Environment. In: Chadwick, D., Zhao, G. (eds) Public Key Infrastructure. EuroPKI 2005. Lecture Notes in Computer Science, vol 3545. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11533733_2
DOI: https://doi.org/10.1007/11533733_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28062-0
Online ISBN: 978-3-540-31585-8