TY - BOOK
T1 - Dynamic User Role Assignment in Remote Access Control
AU - Saffarian, M.
AU - Tang, Qiang
AU - Jonker, Willem
AU - Hartel, Pieter H.
PY - 2009/4/14
Y1 - 2009/4/14
N2 - The Role-Based Access Control (RBAC) model has been widely
applied to a single domain in which users are known to the
administrative unit of that domain beforehand. However,
the application of the conventional RBAC model for remote
access control scenarios is not straightforward. In such
scenarios, the access requestor is outside of the provider
domain, and thus the user population is heterogeneous and
dynamic. Here, the main challenge is to automatically assign
users to appropriate roles of the provider domain. Trust
management has been proposed as a supporting technique to
solve the problem of remote access control. The key idea is
to establish a mutual trust between the requestor and
provider based on credentials they exchange. However, a
credential doesn't convey any information about the behavior
of its holder during the time it is being used. Furthermore,
in terms of privileges granted to the requestor, existing
trust management systems are either too restrictive or not
restrictive enough. In this paper, we propose a new dynamic
user-role assignment approach for remote access control,
where a stranger requests access from a provider domain.
Our approach has two advantages compared to the existing
dynamic user-role assignment techniques. Firstly, it
addresses the principle of least privilege without degrading
the efficiency of the access control system. Secondly, it
takes into account both credentials and the past behavior
of the requestor in such a way that he cannot compensate
for the lack of necessary credentials by having a good past
behavior.
KW - SCS-Cybersecurity
KW - Remote Access Control
KW - Secure Data Management
KW - DB-SDM: SECURE DATA MANAGEMENT
M3 - Report
T3 - CTIT Technical Report Series
BT - Dynamic User Role Assignment in Remote Access Control
PB - Centre for Telematics and Information Technology (CTIT)
CY - Enschede
ER -