Dynamic User Role Assignment in Remote Access Control

Share/Save/Bookmark

Saffarian, M. and Tang, Q. and Jonker, W. and Hartel, P.H. (2009) Dynamic User Role Assignment in Remote Access Control. [Report]

[img]
Preview
PDF
178Kb
Abstract:The Role-Based Access Control (RBAC) model has been widely
applied to a single domain in which users are known to the
administrative unit of that domain, beforehand. However,
the application of the conventional RBAC model for remote
access control scenarios is not straightforward. In such
scenarios, the access requestor is outside of the provider
domain and thus, the user population is heterogeneous and
dynamic. Here, the main challenge is to automatically assign
users to appropriate roles of the provider domain. Trust
management has been proposed as a supporting technique to
solve the problem of remote access control. The key idea is
to establish a mutual trust between the requestor and
provider based on credentials they exchange. However, a
credential doesn't convey any information about the behavior
of its holder during the time it is being used. Furthermore,
in terms of privileges granted to the requestor, existing
trust management systems are either too restrictive or not
restrictive enough. In this paper, we propose a new dynamic
user-role assignment approach for remote access control,
where a stranger requests for access from a provider domain.
Our approach has two advantages compared to the existing
dynamic user-role assignment techniques. Firstly, it
addresses the principle of least privilege without degrading
the efficiency of the access control system. Secondly, it
takes into account both credentials and the past behavior
of the requestor in such a way that he cannot compensate
for the lack of necessary credentials by having a good past
behavior.
Item Type:Report
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/65474
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page