A composite RBAC approach for large, complex organizations

Joon S. Park, Keith P. Costello, Teresa M. Neven, Josh A. Diosomito

Research output: Contribution to conference (Paper)

33 Scopus citations

Abstract

Secure and effective access control is critical to sensitive organizations, especially when multiple organizations are working together using diverse systems. To alleviate the confusion and challenges of redundancy in such a large, complex organization, in this paper we introduce a composite role-based access control (RBAC) approach, by separating the organizational and system role structures and by providing the mapping between them. This allows for the explicit identification and separation of organizational and target-system roles, role hierarchies, role assignments, constraints, and role activations, with an attempt to bridge the gap between the organizational and system role structures. The composite RBAC approach supports scalable and reusable RBAC mechanisms for large, complex organizations. Our research explores the newly created Department of Homeland Security (DHS) as a large, complex organization in which the Composite RBAC can be applied.

Original language: English (US)
Pages: 163-172
Number of pages: 10
State: Published - Aug 30 2004
Event: Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004 - Yorktown Heights, NY, United States
Duration: Jun 2 2004 to Jun 4 2004

Other

Other: Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004
Country: United States
City: Yorktown Heights, NY
Period: 6/2/04 to 6/4/04

Keywords

  • RBAC
  • Role mappings
  • Role structures
  • Role-based access control

ASJC Scopus subject areas

  • Computer Science(all)

  • Cite this

    Park, J. S., Costello, K. P., Neven, T. M., & Diosomito, J. A. (2004). A composite RBAC approach for large, complex organizations. 163-172. Paper presented at Proceedings on the Ninth ACM Symposium on Access Control Models and Technologies, SACMAT 2004, Yorktown Heights, NY, United States.