Abstract
Maximizing local autonomy by delegating functionality to end nodes when possible (the end-to-end design principle) has led to a scalable Internet. Scalability and the capacity for distributed control have unfortunately not extended well to resource access-control policies and mechanisms. Yet security management is becoming an increasingly hard problem, in no small part because of growth along many dimensions at once: the number of users, protocols, applications and network elements, topological constraints, and expectations of functionality.
In this article, we discuss scalability challenges for traditional access-control mechanisms at the architectural level and present a set of fundamental requirements for authorization services in large-scale networks. We show why existing mechanisms fail to meet these requirements and investigate the current design options for a scalable access-control architecture.
We argue that the key design options for achieving scalability are the choice of representation for access-control policy, the mechanism for distributing policy to enforcement points, and the choice of access-rights revocation scheme. Although these ideas have been explored before, the access-control systems in current use continue to rely on simpler but more restrictive architectural models. With this article, we hope to influence the design of future access-control systems towards more decentralized and scalable mechanisms.
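The three design options named above (policy representation, policy distribution, revocation) are abstract in the text. The following is an added illustration, not code from the article or from any system it describes: a toy enforcement-point evaluator in which policy is represented as signed, delegatable credentials rather than a central ACL, distribution happens by the requester carrying its credential chain to the end node (which decides locally, with no round trip to a policy server), and revocation combines short validity windows with a small list of revoked credential IDs. The issuer names, keys, resource paths and "HMAC as a stand-in for a public-key signature" are all constructed for the example; a deployable system would verify asymmetric signatures so that verifiers hold no secrets.

```python
"""Toy evaluator for a decentralized, credential-based access-control policy.

Illustration only (not the article's code). Issuer "signatures" are HMACs under
per-issuer keys the verifier already holds, standing in for public-key
signatures so the example runs with the standard library alone.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Dict, List, Set

# Constructed keys for the example; a real verifier would hold public keys only.
ISSUER_KEYS: Dict[str, bytes] = {"root": b"root-key", "dept-admin": b"dept-key"}
ROOT = "root"          # the only issuer the enforcement point trusts a priori
NOW = 1_700_000_000    # fixed "current time" so the scenarios are reproducible


@dataclass(frozen=True)
class Credential:
    cid: str               # unique id, referenced by the revocation list
    issuer: str
    subject: str
    resource: str          # resource prefix the grant covers
    actions: frozenset     # actions granted on that prefix
    can_delegate: bool     # may the subject re-issue (a subset of) this grant?
    not_after: int         # expiry, epoch seconds
    sig: bytes = b""

    def body(self) -> bytes:
        return json.dumps([self.cid, self.issuer, self.subject, self.resource,
                           sorted(self.actions), self.can_delegate, self.not_after]).encode()


def sign(cred: Credential, key: bytes) -> Credential:
    return replace(cred, sig=hmac.new(key, cred.body(), hashlib.sha256).digest())


def valid_sig(cred: Credential) -> bool:
    key = ISSUER_KEYS.get(cred.issuer)
    if key is None:
        return False
    return hmac.compare_digest(cred.sig, hmac.new(key, cred.body(), hashlib.sha256).digest())


def authorize(chain: List[Credential], requester: str, resource: str, action: str,
              now: int, revoked: Set[str]) -> bool:
    """Decide a request entirely at the end node from the chain the requester presents.

    chain[0] must be issued by the trusted root; each later credential must be
    issued by the previous subject, who must have delegation rights; scope and
    actions may only narrow along the chain; the final subject is the requester.
    """
    if not chain:
        return False
    expected_issuer, scope_res, scope_actions = ROOT, "", None
    for cred in chain:
        if cred.issuer != expected_issuer or not valid_sig(cred):
            return False
        if cred.cid in revoked or now > cred.not_after:   # revocation: list or expiry
            return False
        if not cred.resource.startswith(scope_res):      # delegate may not widen scope
            return False
        if scope_actions is not None and not cred.actions <= scope_actions:
            return False
        if cred is not chain[-1] and not cred.can_delegate:
            return False
        expected_issuer, scope_res, scope_actions = cred.subject, cred.resource, cred.actions
    return (chain[-1].subject == requester and resource.startswith(scope_res)
            and action in scope_actions)


# Constructed chain: root delegates /srv/ to a department admin, who grants
# alice read-only access to /srv/www/ for ten minutes.
root_to_admin = sign(Credential("c1", "root", "dept-admin", "/srv/",
                                frozenset({"read", "write"}), True, NOW + 3600),
                     ISSUER_KEYS["root"])
admin_to_alice = sign(Credential("c2", "dept-admin", "alice", "/srv/www/",
                                 frozenset({"read"}), False, NOW + 600),
                      ISSUER_KEYS["dept-admin"])
CHAIN = [root_to_admin, admin_to_alice]


def demo() -> Dict[str, bool]:
    """Run the constructed scenarios and return each decision."""
    def ask(res="/srv/www/index.html", act="read", now=NOW, revoked=None, who="alice", chain=CHAIN):
        return authorize(chain, who, res, act, now, revoked or set())
    tampered = [root_to_admin, replace(admin_to_alice, not_after=NOW + 86400)]  # edited after signing
    return {
        "read_in_scope": ask(),
        "write_not_delegated": ask(act="write"),
        "outside_resource_scope": ask(res="/srv/db/users"),
        "leaf_expired": ask(now=NOW + 601),
        "upstream_revoked": ask(revoked={"c1"}),      # revoking c1 kills everything below it
        "tampered_leaf": ask(chain=tampered),
        "wrong_requester": ask(who="mallory"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:24s} {'ALLOW' if decision else 'DENY'}")
```

The scalability point is in what the enforcement point does not need: no copy of a site-wide ACL, no synchronization when a grant changes, and no online query to a policy server. Revoking the admin's credential `c1` at the root (or simply letting it expire) invalidates every downstream grant without touching the end nodes, which is the property a central ACL cannot offer without re-pushing policy to all of them.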
Requirements for scalable access control and security management architectures