DOI: 10.1145/373256.373257
Article

The role-based access control system of a European bank: a case study and discussion

Published: 01 May 2001

Abstract

Research in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the access control system of a major European bank. An overview of the system's structure, its administration and existing control principles constraining the administration is given. In addition, we provide an answer to a key question - the ratio of the number of roles to the system user population - which was raised in the recent RBAC2000 Workshop. Having described certain weaknesses of the bank's system, the case study is extended to a comparison between the system and the RBAC96 models. In particular, the issues of inheritance and grouping are addressed.



Published In

SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies
May 2001
181 pages
ISBN: 1581133502
DOI: 10.1145/373256
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. control principles
  2. dual control
  3. inheritance
  4. least privilege
  5. number of roles
  6. role administration
  7. role-based access control
  8. separation of duties

Qualifiers

  • Article

Conference

SACMAT01

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%
