Migrating from DAC to RBAC

Emre Uzun, David Lorenzi, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

5 Citations (Scopus)

Abstract

Role Based Access Control (RBAC) is one of the most popular means for enforcing access control. One of the main reasons for this is that it is perceived as the least expensive configuration with respect to security administration. In this paper, we demonstrate that security administration is not always cheaper under RBAC when compared to the traditional Discretionary Access Control (DAC). If RBAC proves to be beneficial, organizations may choose to migrate from DAC to RBAC. Many algorithms have been developed to generate RBAC configurations from DAC configurations. Although these algorithms provide an RBAC configuration, the quality of the generated RBAC configuration could vary among different algorithms and DAC configurations. In this paper, we propose a decision support framework, which provides a basis for comparison among different potential RBAC derivations from DAC to determine the most desirable outcome with respect to the cost of security administration.

Original language: English (US)
Title of host publication: Data and Applications Security and Privacy XXIX - 29th Annual IFIP WG 11.3 Working Conference, DBSec 2015, Proceedings
Editors: Pierangela Samarati
Publisher: Springer Verlag
Pages: 69-84
Number of pages: 16
ISBN (Print): 9783319208091
DOIs: https://doi.org/10.1007/978-3-319-20810-7_5
State: Published - Jan 1 2015
Event: 29th IFIP WG 11.3 Working Conference on Data and Applications Security, DBSec 2015 - Fairfax, United States
Duration: Jul 13 2015 - Jul 15 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9149
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 29th IFIP WG 11.3 Working Conference on Data and Applications Security, DBSec 2015
Country: United States
City: Fairfax
Period: 7/13/15 - 7/15/15

Fingerprint

Role-based Access Control
Access Control
Configuration
Decision Support
Choose
Vary
Costs

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Uzun, E., Lorenzi, D., Atluri, V., Vaidya, J., & Sural, S. (2015). Migrating from DAC to RBAC. In P. Samarati (Ed.), Data and Applications Security and Privacy XXIX - 29th Annual IFIP WG 11.3 Working Conference, DBSec 2015, Proceedings (pp. 69-84). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9149). Springer Verlag. https://doi.org/10.1007/978-3-319-20810-7_5