CSE Publications - Report Abstract

CSE-2005-5

Title : SmartAccess: An Intelligent Proactive Role-Based Authorization System

Type : Technical Report

Author(s) : Raman Adaikkalavan and Sharma Chakravarthy

Abstract : In role-based access control (RBAC), users and objects are assigned to one or more roles. Users should be active in the role that has the required permissions before making access requests. In other words, users should be aware of the role-permission assignments, i.e., what roles are required to perform operations on objects, so that they can activate the required roles. Thus, with the increase in the number of objects and with multiple roles, users often get swamped with role activations and lean towards activating all the assigned roles, violating the principle of least privilege (PLP). In this paper, we introduce SmartAccess, a user-friendly access control system that allows users to concentrate on what objects they need, rather than on what role should be activated in order to access them. Furthermore, it provides access control by preserving the PLP and without any information leak. On the other hand, enforcing or implementing access control in a generalized way requires flexible and powerful suites of techniques. In this paper we analyze two approaches, namely integrated and mediated, that can be employed for enforcing access control. SmartAccess uses an event-based push-pull paradigm and supports the NIST RBAC standard and other extensions.
