3. Access management - Roles

Source

This section is mainly based on the following source: [1].

Role Based Access Control - RBAC

  • RBAC tries to reflect job functions and to enforce access control entirely through 'roles'.
  • RBAC ties together the areas of access control, information security and business requirements.
  • However, implementing RBAC in the cloud brings new challenges, because an RBAC system by nature reflects the enterprise's structure within its own boundary.
  • Implementing RBAC becomes a high-priority task in large companies: "Access control system requires intensive supervision over existing resource access control infrastructure." For example, a system with 1000 users and \( 10^5 \) resources requires \( 10^8 \) authorization triples (user, resource, and a true/false flag as the last component of each triple).
  • A role-based system is an attempt to reduce the costs of administering a traditional access control system: a new user gets one or a few role assignments instead of one triple per resource.
  • Once the RBAC structure is established, it remains relatively constant [1].

RBAC via ABAC

Role-Based Access Control via Attribute-Based Access Control:

  • Every account or asset has attributes that say something about it.
  • ABAC can combine account information with contextual information (network, time, authentication strength) to control access more securely.
  • However, the consistency of the processed data affects the quality of ABAC decisions: a stale or wrong attribute yields a wrong decision.
  • A reliable identity provisioning system that quickly replicates changes to identities can make ABAC a powerful tool, and such a tool can readily be exposed outside the organization.
  • In this context ABAC is therefore superior to RBAC: RBAC alone cannot provide a sufficient level of security, because an identity from outside the organization cannot be matched with any specific internal role.
  • With an authorization engine built as a hybrid of the RBAC and ABAC models, the resulting system incorporates the best of each.
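As an added example (not code from the cited thesis or from this course), the following Python sketch puts both halves of this page together: an RBAC core in which users map to roles and roles to permissions, with a helper that reproduces the 1000-user / \( 10^5 \)-resource comparison from the RBAC section, and ABAC predicates layered on top that constrain internal users by request context and grant a federated partner identity, which matches no internal role, read-only access only while its attribute assertion is still fresh. The role names, attribute names, the 300-second freshness limit and the sample identities are assumptions made for the illustration.

```python
"""Hybrid RBAC + ABAC authorization engine (added example, not from the cited thesis).
Role names, attribute names, the freshness limit and the sample identities are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]          # (action, resource)
Context = Dict[str, object]           # request context: source network, current time, ...
Rule = Callable[["Subject", str, str, Context], bool]
MAX_ASSERTION_AGE = 300               # seconds; older partner assertions count as stale (assumed)


@dataclass(frozen=True)
class Subject:
    identity: str
    roles: FrozenSet[str] = frozenset()                          # internal roles; empty for externals
    attributes: Dict[str, object] = field(default_factory=dict)  # attributes from the identity provider


# ---- RBAC: users -> roles -> permissions -------------------------------------
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "report_editor": {("read", "reports"), ("write", "reports")},
    "admin": {("read", "reports"), ("write", "reports"), ("delete", "reports"), ("write", "users")},
}


def rbac_permits(subject: Subject, action: str, resource: str) -> bool:
    """True if at least one of the subject's roles carries (action, resource)."""
    return any((action, resource) in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)


def authorization_relations(n_users: int, n_resources: int, n_roles: int) -> Tuple[int, int]:
    """Administration cost: direct (user, resource, flag) triples vs RBAC in the worst case,
    i.e. one user->role assignment per user plus one role->resource entry per role and resource."""
    return n_users * n_resources, n_users + n_roles * n_resources


# ---- ABAC: predicates over subject attributes and request context ------------
def mfa_for_changes(subject: Subject, action: str, resource: str, ctx: Context) -> bool:
    """Anything other than read requires an MFA-authenticated session."""
    return action == "read" or subject.attributes.get("mfa") is True


def admin_from_corporate_network(subject: Subject, action: str, resource: str, ctx: Context) -> bool:
    """Changes to user accounts are only allowed from the corporate network."""
    return resource != "users" or ctx.get("source_network") == "corporate"


def partner_may_read_reports(subject: Subject, action: str, resource: str, ctx: Context) -> bool:
    """Grant for federated partner identities that match no internal role: read-only access to
    reports, only with an active contract and only while the partner IdP's assertion is fresh."""
    attrs = subject.attributes
    age = int(ctx.get("now", 0)) - int(attrs.get("asserted_at", -10**9))  # missing timestamp -> stale
    return (attrs.get("org_type") == "partner" and attrs.get("contract_active") is True
            and (action, resource) == ("read", "reports") and 0 <= age <= MAX_ASSERTION_AGE)


CONSTRAINTS: List[Rule] = [mfa_for_changes, admin_from_corporate_network]  # apply to everyone
EXTERNAL_GRANTS: List[Rule] = [partner_may_read_reports]                   # replace roles for externals


def authorize(subject: Subject, action: str, resource: str, ctx: Context) -> bool:
    """Hybrid decision, deny by default: internal identities need a role that grants the
    permission (RBAC), external ones need an ABAC grant, and every ABAC constraint must hold."""
    if subject.roles:
        base = rbac_permits(subject, action, resource)
    else:
        base = any(g(subject, action, resource, ctx) for g in EXTERNAL_GRANTS)
    return base and all(c(subject, action, resource, ctx) for c in CONSTRAINTS)


# ---- constructed sample identities and requests -----------------------------
ALICE = Subject("alice", frozenset({"report_editor"}), {"mfa": True})
BOB = Subject("bob", frozenset({"admin"}), {"mfa": True})
CAROL = Subject("carol@partner.example", frozenset(),
                {"org_type": "partner", "contract_active": True, "mfa": True, "asserted_at": 1_700_000_000})


def demo() -> Dict[str, bool]:
    """Decisions for the sample requests; keys describe the case."""
    fresh = {"now": 1_700_000_060, "source_network": "internet"}
    corp = {"now": 1_700_000_060, "source_network": "corporate"}
    stale = {"now": 1_700_001_000, "source_network": "internet"}
    return {
        "alice reads reports": authorize(ALICE, "read", "reports", fresh),
        "alice deletes reports": authorize(ALICE, "delete", "reports", fresh),      # role lacks delete
        "bob edits users from internet": authorize(BOB, "write", "users", fresh),   # context constraint
        "bob edits users from corporate": authorize(BOB, "write", "users", corp),
        "partner reads reports": authorize(CAROL, "read", "reports", fresh),
        "partner writes reports": authorize(CAROL, "write", "reports", fresh),      # grant is read-only
        "partner, stale assertion": authorize(CAROL, "read", "reports", stale),     # stale data -> deny
    }
```

Calling `demo()` returns the decision for each case, and `authorization_relations(1000, 10**5, 10)` gives the page's \( 10^8 \) direct triples against 1,001,000 RBAC relations for ten roles. The freshness check is the practical counterpart of the consistency bullet above: when the provisioning system fails to replicate a revoked contract or MFA status, the stale assertion expires and access is denied rather than silently granted.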

Bibliography

[1] Spyra, G.K.: Next generation authentication infrastructures with role-based security for cloud computing. Master's thesis, Advanced Security and Digital Forensics, School of Computing, Zürich (2012)




The project "Cloud Computing – new technologies in the educational offer of Politechnika Wrocławska" (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV. Higher education and science, Measure 4.3. Strengthening the didactic potential of universities in key areas in the context of the goals of the Europe 2020 Strategy, co-financed by the European Social Fund and the state budget.