QUANTITATIVE ANALYSIS AND ENFORCEMENT OF THE PRINCIPLE OF LEAST PRIVILEGE IN ROLE-BASED ACCESS CONTROL
Chunren Lai, Chang N. Zhang
2006
Abstract
Role-based access control (RBAC) models ease security administration and reduce overheads by introducing roles between users and privileges. RBAC provides the possibility to enforce the principle of least privileges that a user should be assigned just enough privileges to complete his/her job in order to prevent the possible information leaking and other wrong doing. This paper defines several concepts to quantitatively measure how well a user-role assignment meets the principle of least privilege and presents algorithms to find the perfect user-role assignment (i.e., without bringing any extra privilege) and the optimal user-role assignment (i.e., limiting any extra privilege to the minimum). The proposed approach for the enforcement of the principle of least privilege is particularly useful for automatic generation of user-role assignment in large-scale RBAC systems.
DownloadPaper Citation
in Harvard Style
Lai C. and N. Zhang C. (2006). QUANTITATIVE ANALYSIS AND ENFORCEMENT OF THE PRINCIPLE OF LEAST PRIVILEGE IN ROLE-BASED ACCESS CONTROL . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 69-74. DOI: 10.5220/0002100500690074
in Bibtex Style
@conference{secrypt06,
author={Chunren Lai and Chang N. Zhang},
title={QUANTITATIVE ANALYSIS AND ENFORCEMENT OF THE PRINCIPLE OF LEAST PRIVILEGE IN ROLE-BASED ACCESS CONTROL},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={69-74},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002100500690074},
isbn={978-972-8865-63-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - QUANTITATIVE ANALYSIS AND ENFORCEMENT OF THE PRINCIPLE OF LEAST PRIVILEGE IN ROLE-BASED ACCESS CONTROL
SN - 978-972-8865-63-4
AU - Lai C.
AU - N. Zhang C.
PY - 2006
SP - 69
EP - 74
DO - 10.5220/0002100500690074