CLOUD COMPUTING 2011, The Second International Conference on Cloud Computing, GRIDs, and Virtualization
Debit: A Diversity-based Method for Implicit Role Transition in RBAC Deployments
Authors:
Shanshan Li
Qingbo Wu
Lianyue He
Lisong Shao
Jie Yu
Keywords: DRT-RBAC; authentication trustworthiness; Debit.
Abstract:
Role-based access control (RBAC) is a widely used access control paradigm in operating systems due to its simplicity, scalability and fine-grained control. Current approaches require the user to log in again to change roles when the permissions of the assigned role are inadequate for an operation. This makes secure administration easy but is inflexible in practical use, especially for users who are already authenticated. This paper describes a diversity-based access control model supporting implicit role transition, called DRT-RBAC. By measuring a user's authentication trustworthiness, a range for role transition can be computed, and a user for whom the diversity between the old role and the new one falls into this range is allowed an automated role transition. Further, we propose Debit, which calculates the diversity between roles in an operating system through an analytic hierarchy process. In Debit, roles are decomposed into fine-grained system privileges, called capabilities. Debit computes a weight for each category of capability by constructing a pairwise comparison matrix. The diversity of two roles is finally obtained from the weight of each capability category and the difference in the number of capabilities in that category. We implement Debit in CentOS 5.4 to support implicit role transition based on the authentication trustworthiness of the logged-in user.
Pages: 60 to 65
Copyright: Copyright (c) IARIA, 2011
Publication date: September 25, 2011
Published in: conference
ISSN: 2308-4294
ISBN: 978-1-61208-153-3
Location: Rome, Italy
Dates: from September 25, 2011 to September 30, 2011