Jason Crampton, Administrative Scope and Role-Based Administration episode artwork

EPISODE · Sep 8, 2004 · 50 MIN

Jason Crampton, Administrative Scope and Role-Based Administration

from CERIAS Weekly Security Seminar - Purdue University

Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introduce the concept of administrative scope, an intuitive notion corresponding to the set of role(s) that can be controlled by a given role, and demonstrate how this can be used as the fundamental unit in the development of a family of administrative models for RBAC systems. We compare the characteristics of these models with the well-known ARBAC97 administrative model. We conclude by discussing how administrative scope can be used to provide an administrative framework for more complex RBAC models. About the speaker: Jason Crampton is a lecturer in the Information Security Group at Royal Holloway, University of London. His main research interests are role-based access control, with particular emphasis on role-based administration, authorization constraints, and the use of partial order theory in access control and information security. He is on the editorial board of the Information Security Technical Report and is an Associate Research Fellow at Birkbeck, University of London.

Episode metadata supplied by the publisher feed · Published Sep 8, 2004

Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based techniques to control RBAC systems, has been less widely studied. We will consider the problem of controlling the propagation of authorization information in computer systems in general, and in role-based systems in particular. We will then introduce the concept of administrative scope, an intuitive notion corresponding to the set of role(s) that can be controlled by a given role, and demonstrate how this can be used as the fundamental unit in the development of a family of administrative models for RBAC systems. We compare the characteristics of these models with the well-known ARBAC97 administrative model. We conclude by discussing how administrative scope can be used to provide an administrative framework for more complex RBAC models. About the speaker: Jason Crampton is a lecturer in the Information Security Group at Royal Holloway, University of London. His main research interests are role-based access control, with particular emphasis on role-based administration, authorization constraints, and the use of partial order theory in access control and information security. He is on the editorial board of the Information Security Technical Report and is an Associate Research Fellow at Birkbeck, University of London.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Jason Crampton, Administrative Scope and Role-Based Administration

0:00 50:59

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of CERIAS Weekly Security Seminar - Purdue University?

This episode is 50 minutes long.

When was this CERIAS Weekly Security Seminar - Purdue University episode published?

This episode was published on September 8, 2004.

What is this episode about?

Role-based access control (RBAC) has received considerable attention in recent years, resulting in several important theoretical models and increasing use in commercial products. Nevertheless, role-based administration, the use of role-based...

Can I download this CERIAS Weekly Security Seminar - Purdue University episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!