ARPPM: Administration in the RPPM model

Jason Crampton; James Sellwood

doi:10.1145/2857705.2857711

ARPPM: Administration in the RPPM model

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM$^2$ model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements.

We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities.

We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements

Original language	English
Title of host publication	CODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy
Publisher	ACM
Pages	219-230
Number of pages	12
ISBN (Print)	9781450339353
DOIs	https://doi.org/10.1145/2857705.2857711
Publication status	Published - 9 Mar 2016
Event	6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016 - New Orleans, United States Duration: 9 Mar 2016 → 11 Mar 2016

Conference

Conference	6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016
Country/Territory	United States
City	New Orleans
Period	9/03/16 → 11/03/16

Keywords

Access control
Administration
Authorization
Entity condition
Path condition
Principal matching
Relationship

Access to Document

10.1145/2857705.2857711

Cite this

@inproceedings{a6b7459e89ef44b69209d1d8496ca760,

title = "ARPPM: Administration in the RPPM model",

abstract = "The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM$^2$ model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements.We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities.We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements",

keywords = "Access control, Administration, Authorization, Entity condition, Path condition, Principal matching, Relationship",

author = "Jason Crampton and James Sellwood",

year = "2016",

month = mar,

day = "9",

doi = "10.1145/2857705.2857711",

language = "English",

isbn = "9781450339353",

pages = "219--230",

booktitle = "CODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy",

publisher = "ACM",

note = "6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016 ; Conference date: 09-03-2016 Through 11-03-2016",

}

TY - GEN

T1 - ARPPM: Administration in the RPPM model

AU - Crampton, Jason

AU - Sellwood, James

PY - 2016/3/9

Y1 - 2016/3/9

N2 - The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM$^2$ model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements.We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities.We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements

AB - The RPPM model of access control uses relationships, paths and principal-matching in order to make access control decisions for general computing systems. Recently Stoller introduced a variant of an early RPPM model supporting administrative actions. Stoller's RPPM$^2$ model is able to make authorization decisions in respect of actions which affect the system graph and some policy elements.We also see utility in the RPPM model and believe that providing effective administration of the access control model is key to increasing the model's usefulness to real-world implementations. However, whilst we find inspiration in some aspects of Stoller's work, we believe that an alternative approach making use of the latest RPPM model as its basis will offer a wider range of operational and administrative capabilities.We motivate this work with specific requirements for an administrative model and then propose a decentralised discretionary access control approach to administration, whereby users are able to manage model components in the system graph through the addition and deletion of edges. The resulting Administrative RPPM (ARPPM) model supports administration of all of the model's components: the system model, the system graph, the authorization policies and all of their elements

KW - Access control

KW - Administration

KW - Authorization

KW - Entity condition

KW - Path condition

KW - Principal matching

KW - Relationship

UR - http://www.scopus.com/inward/record.url?scp=84964886829&partnerID=8YFLogxK

U2 - 10.1145/2857705.2857711

DO - 10.1145/2857705.2857711

M3 - Conference contribution

AN - SCOPUS:84964886829

SN - 9781450339353

SP - 219

EP - 230

BT - CODASPY 2016 - Proceedings of the 6th ACM Conference on Data and Application Security and Privacy

PB - ACM

T2 - 6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016

Y2 - 9 March 2016 through 11 March 2016

ER -

ARPPM: Administration in the RPPM model

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this