Start Here: Engineering Scalable Access Control Systems
Title | Start Here: Engineering Scalable Access Control Systems |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Elliott, Aaron; Knight, Scott |
Conference Name | Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies |
Date Published | June 2016 |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3802-8 |
Keywords | Complexity, least privilege, organizational structure, pubcrawl, role-based access control, Scalability, security scalability |
Abstract | Role-based Access Control (RBAC) is a popular solution for implementing information security; however, there is no pervasive methodology used to produce scalable access control systems for large organizations with hundreds or thousands of employees. As a result, ten engineers will likely arrive at ten different solutions to the same problem, where there is no right or wrong answer but there is both an immediate and long-term cost. Moreover, they would have difficulty communicating the important aspects of their design implementations to each other. This is an interesting deficiency because, despite their diversity, large organizations are built upon two key concepts, roles and responsibilities, where a role like Departmental Chair is identified and assigned responsibilities. In this paper, our objective is to introduce ORGODEX, a new model and practical methodology for engineering scalable RBAC systems in large organizations where employees require access to information on a need-to-know basis. First, we motivate the requirement for a new RBAC dichotomy, distinguishing between roles and responsibilities. Next, we introduce our new model for describing and reasoning about RBAC systems with this new dichotomy. Finally, we produce a new iterative methodology for engineering scalable access control systems. |
URL | https://dl.acm.org/doi/10.1145/2914642.2914651 |
DOI | 10.1145/2914642.2914651 |
Citation Key | elliott_start_2016 |