Start Here: Engineering Scalable Access Control Systems

Title: Start Here: Engineering Scalable Access Control Systems
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Elliott, Aaron; Knight, Scott
Conference Name: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies
Date Published: June 2016
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3802-8
Keywords: Complexity, least privilege, organizational structure, pubcrawl, role-based access control, Scalability, security scalability
Abstract

Role-based Access Control (RBAC) is a popular solution for implementing information security; however, there is no pervasive methodology for producing scalable access control systems for large organizations with hundreds or thousands of employees. As a result, ten engineers will likely arrive at ten different solutions to the same problem. There is no right or wrong answer among them, but each carries both an immediate and a long-term cost. Moreover, the engineers would have difficulty communicating the important aspects of their design implementations to each other. This is an interesting deficiency because, despite their diversity, large organizations are built upon two key concepts, roles and responsibilities: a role such as Departmental Chair is identified and assigned responsibilities. In this paper, our objective is to introduce ORGODEX, a new model and practical methodology for engineering scalable RBAC systems in large organizations where employees require access to information on a need-to-know basis. First, we motivate the requirement for a new RBAC dichotomy, distinguishing between roles and responsibilities. Next, we introduce our new model for describing and reasoning about RBAC systems with this dichotomy. Finally, we produce a new iterative methodology for engineering scalable access control systems.

URL: https://dl.acm.org/doi/10.1145/2914642.2914651
DOI: 10.1145/2914642.2914651
Citation Key: elliott_start_2016