{"title":"ARPPM: Administration in the RPPM Model","authors":"J. Crampton, J. Sellwood","doi":"10.1145/2857705.2857711","DOIUrl":null,"url":null,"abstract":"The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM^2 model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements. We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities. We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements.","PeriodicalId":377412,"journal":{"name":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2857705.2857711","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM^2 model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements. We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities. We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
