Back to University of Twente portal
Extended Privilege Inheritance in RBAC
Dekker, M.A.C. and Cederquist, J.G. and Crampton, J. and Etalle, S. (2007) Extended Privilege Inheritance in RBAC. In: 2nd ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, March 20-22, 2007, Singapore, Thailand.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png) | PDF Restricted to UT campus only: Request a copy 194Kb |
| Abstract: | In existing RBAC literature, administrative privileges are inherited just like ordinary user privileges. We argue that from a security viewpoint this is too restrictive, and we believe that a more flexible approach can be very useful in practice. We define an ordering on the set of administrative privileges, enabling us to extend the standard privilege inheritance relation in a natural way. This means that if a user has a particular administrative privilege, then she is also implicitly authorized for weaker administrative privileges. We prove the non-trivial result that it is possible to decide whether one administrative privilege is weaker than another and show how this result can be used to decide administrative requests in an RBAC security monitor. |
| Item Type: | Conference or Workshop Item |
| Copyright: | © 2007 ACM |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/61839 |
| Official URL: | http://dx.doi.org/10.1145/1229285.1229335 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 241765