Migrating from DAC to RBAC

Abstract : Role Based Access Control (RBAC) is one of the most popular means for enforcing access control. One of the main reasons for this is that it is perceived as the least expensive configuration with respect to security administration. In this paper, we demonstrate that security administration is not always cheaper under RBAC when compared to the traditional Discretionary Access Control (DAC). If RBAC proves to be beneficial, organizations may choose to migrate from DAC to RBAC. There have been many algorithms developed to generate RBAC configurations from DAC configuration. Although these algorithms provide an RBAC configuration, the quality of the generated RBAC configuration could vary among different algorithms and DAC configurations. In this paper, we propose a decision support framework, which provides a basis for comparison among different potential RBAC derivations from DAC to determine the most desirable outcome with respect to the cost of security administration.
Document type :
Conference papers
Complete list of metadatas

Cited literature [26 references]  Display  Hide  Download

https://hal.inria.fr/hal-01745820
Contributor : Hal Ifip <>
Submitted on : Wednesday, March 28, 2018 - 3:57:35 PM
Last modification on : Friday, August 9, 2019 - 3:24:27 PM
Long-term archiving on : Thursday, September 13, 2018 - 11:37:04 AM

File

340025_1_En_5_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Emre Uzun, David Lorenzi, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural. Migrating from DAC to RBAC. 29th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2015, Fairfax, VA, United States. pp.69-84, ⟨10.1007/978-3-319-20810-7_5⟩. ⟨hal-01745820⟩

Share

Metrics

Record views

87

Files downloads

251