Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Issue 13
Issue 14
Issue 15
Issue 16
Issue 17
Issue 18
Volume 14 (2008)
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 15 / Issue 3

available in:   PDF (182 kB) PS (186 kB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-015-03-0538

 

DS RBAC - Dynamic Sessions in Role Based Access Control

Jörg R. Mühlbacher (Johannes Kepler University Linz, Austria)

Christian Praher (Johannes Kepler University Linz, Austria)

Abstract: Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasingly momentum. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI) in 2004.

While the concept of sessions specified in the ANSI RBAC standard allows for differentiated role selections according to tasks that have to be performed by users, it is very likely that more roles will be activated in a session than are effectively needed to perform the intended activity. Dynamic Sessions in RBAC (DS RBAC) is an extension to the existing RBAC ANSI standard that dynamically deactivates roles in a session if they are not exercised for a certain period of time. This allows for the selection of an outer-shell of possibly needed permissions at the initation of a session through a user, while adhering to the principle of least privilege by automatically reducing the effective permission space to those roles really exercised in the session.

Analogous to the working set model known from virtual memory, only the minimal roles containing permissions recently exercised by the user are left in a session in the DS RBAC model. If the user tries to access a role that has aged out due to inactivity, a role fault occurs. A role fault can be resolved by the role fault handler that is responsible for re-activating the expired role. As will be presented in this paper, role re-activation may be subject to constraints that have to be fulfilled by the user in order to re-access the aged role.

Keywords: ANSI RBAC, Role Based Access Control, least privilege, security, session

Categories: D.4.6, K.6.5, L.4.0