Extending RBAC for large enterprises and its quantitative risk evaluation

Seiichi Kondo; Mizuho Iwaihara; Masatoshi Yoshikawa; Masashi Torato

doi:10.1007/978-0-387-85691-9_9

Extending RBAC for large enterprises and its quantitative risk evaluation

Seiichi Kondo^*, Mizuho Iwaihara, Masatoshi Yoshikawa, Masashi Torato

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved. Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.

Original language	English
Title of host publication	Towards Sustainable Society on Ubiquitous Networks
Subtitle of host publication	The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan
Editors	Makoto Oya, Ryuya Uda, Chizuko Yasunobu
Pages	99-112
Number of pages	14
DOIs	https://doi.org/10.1007/978-0-387-85691-9_9
Publication status	Published - 2008
Externally published	Yes

Publication series

Name	IFIP International Federation for Information Processing
Volume	286
ISSN (Print)	1571-5736

ASJC Scopus subject areas

Information Systems and Management

Access to Document

10.1007/978-0-387-85691-9_9

Cite this

Kondo, S., Iwaihara, M., Yoshikawa, M., & Torato, M. (2008). Extending RBAC for large enterprises and its quantitative risk evaluation. In M. Oya, R. Uda, & C. Yasunobu (Eds.), Towards Sustainable Society on Ubiquitous Networks: The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan (pp. 99-112). (IFIP International Federation for Information Processing; Vol. 286). https://doi.org/10.1007/978-0-387-85691-9_9

Extending RBAC for large enterprises and its quantitative risk evaluation. / Kondo, Seiichi; Iwaihara, Mizuho; Yoshikawa, Masatoshi et al.

Towards Sustainable Society on Ubiquitous Networks: The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan. ed. / Makoto Oya; Ryuya Uda; Chizuko Yasunobu. 2008. p. 99-112 (IFIP International Federation for Information Processing; Vol. 286).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kondo, S, Iwaihara, M, Yoshikawa, M & Torato, M 2008, Extending RBAC for large enterprises and its quantitative risk evaluation. in M Oya, R Uda & C Yasunobu (eds), Towards Sustainable Society on Ubiquitous Networks: The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan. IFIP International Federation for Information Processing, vol. 286, pp. 99-112. https://doi.org/10.1007/978-0-387-85691-9_9

Kondo S, Iwaihara M, Yoshikawa M, Torato M. Extending RBAC for large enterprises and its quantitative risk evaluation. In Oya M, Uda R, Yasunobu C, editors, Towards Sustainable Society on Ubiquitous Networks: The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan. 2008. p. 99-112. (IFIP International Federation for Information Processing). doi: 10.1007/978-0-387-85691-9_9

Kondo, Seiichi ; Iwaihara, Mizuho ; Yoshikawa, Masatoshi et al. / Extending RBAC for large enterprises and its quantitative risk evaluation. Towards Sustainable Society on Ubiquitous Networks: The 8th IFIP Conference on e-Business, e-Services, and e-Society (I3E 2008), September 24-16, 2008, Tokyo, Japan. editor / Makoto Oya ; Ryuya Uda ; Chizuko Yasunobu. 2008. pp. 99-112 (IFIP International Federation for Information Processing).

@inproceedings{86f098c616cc4a479b0abc0984c3c030,

title = "Extending RBAC for large enterprises and its quantitative risk evaluation",

abstract = "Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved. Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.",

author = "Seiichi Kondo and Mizuho Iwaihara and Masatoshi Yoshikawa and Masashi Torato",

year = "2008",

doi = "10.1007/978-0-387-85691-9_9",

language = "English",

isbn = "9780387856902",

series = "IFIP International Federation for Information Processing",

pages = "99--112",

editor = "Makoto Oya and Ryuya Uda and Chizuko Yasunobu",

booktitle = "Towards Sustainable Society on Ubiquitous Networks",

}

TY - GEN

T1 - Extending RBAC for large enterprises and its quantitative risk evaluation

AU - Kondo, Seiichi

AU - Iwaihara, Mizuho

AU - Yoshikawa, Masatoshi

AU - Torato, Masashi

PY - 2008

Y1 - 2008

N2 - Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved. Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.

AB - Systems and security products based on the RBAC model have been widely introduced to enterprises. Especially, the demands on enforcement of enterprise-level security policies and total identity management are rapidly growing. The RBAC model needs to be extended to deal with various circumstances of large enterprises, such as geographical distribution and heterogeneous environments including physical access control. In this paper, we introduce a new RBAC model, suitable for single sign-on systems. This model optimizes evaluation of rule-based RBAC so that total operation costs and productivity can be improved. Furthermore, to select most cost-effective RBAC extensions for enterprise-wide requirements, we propose a quantitative risk evaluation method based on fault trees. We construct fault trees having security violation and productivity loss as top events, and RBAC standard functions and security incidents as basic events. Probabilities of the top events are computed for given RBAC models and operation environments. We apply this method to a real enterprise system using the above RBAC extension and the proposed model realizes more safety and productivity over the base model.

UR - http://www.scopus.com/inward/record.url?scp=50249130272&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50249130272&partnerID=8YFLogxK

U2 - 10.1007/978-0-387-85691-9_9

DO - 10.1007/978-0-387-85691-9_9

M3 - Conference contribution

AN - SCOPUS:50249130272

SN - 9780387856902

T3 - IFIP International Federation for Information Processing

SP - 99

EP - 112

BT - Towards Sustainable Society on Ubiquitous Networks

A2 - Oya, Makoto

A2 - Uda, Ryuya

A2 - Yasunobu, Chizuko

ER -

Extending RBAC for large enterprises and its quantitative risk evaluation

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this