Requirements for scalable access control and security management architectures

Published: 01 May 2007

Abstract

Maximizing local autonomy by delegating functionality to end nodes whenever possible (the end-to-end design principle) has led to a scalable Internet. Unfortunately, scalability and the capacity for distributed control have not extended well to resource access-control policies and mechanisms. Yet security management is becoming an increasingly challenging problem, in no small part because of growth in the number of users, protocols, applications, and network elements, and in topological constraints and functionality expectations.
In this article, we discuss scalability challenges for traditional access-control mechanisms at the architectural level and present a set of fundamental requirements for authorization services in large-scale networks. We show why existing mechanisms fail to meet these requirements and investigate the current design options for a scalable access-control architecture.
We argue that the key design options to achieve scalability are the choice of the representation of access control policy, the distribution mechanism for policy, and the choice of the access-rights revocation scheme. Although these ideas have been considered in the past, current access-control systems in use continue to use simpler but restrictive architectural models. With this article, we hope to influence the design of future access-control systems towards more decentralized and scalable mechanisms.


Published In

ACM Transactions on Internet Technology  Volume 7, Issue 2
May 2007
152 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/1239971

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2007
Published in TOIT Volume 7, Issue 2


Author Tags

  1. Large-scale systems
  2. access control
  3. authorization
  4. credentials
  5. delegation
  6. distributed systems
  7. security policy
  8. trust management

Qualifiers

  • Article


Cited By

  • (2025) A comprehensive review of usage control frameworks. Computer Science Review 56 (100698). DOI: 10.1016/j.cosrev.2024.100698. Online publication date: May 2025.
  • (2024) End to End secure data exchange in value chains with dynamic policy updates. Future Generation Computer Systems 158:C, 333-345. DOI: 10.1016/j.future.2024.04.053. Online publication date: 1 Sep 2024.
  • (2022) Distributed Authentication and Authorization Models in Cloud Computing Systems: A Literature Review. Journal of Cybersecurity and Privacy 2:1, 107-123. DOI: 10.3390/jcp2010008. Online publication date: 4 Mar 2022.
  • (2018) ORGODEX: Authorization as a service (AaaS). 2018 Annual IEEE International Systems Conference (SysCon), 1-8. DOI: 10.1109/SYSCON.2018.8369532. Online publication date: May 2018.
  • (2018) ORGODEX: Service Portfolios for the Cloud. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), 887-890. DOI: 10.1109/CLOUD.2018.00128. Online publication date: Jul 2018.
  • (2017) Symbolically analyzing security protocols using tamarin. ACM SIGLOG News 4:4, 19-30. DOI: 10.1145/3157831.3157835. Online publication date: 3 Nov 2017.
  • (2017) Undecidability results for probabilistic automata. ACM SIGLOG News 4:4, 10-17. DOI: 10.1145/3157831.3157833. Online publication date: 3 Nov 2017.
  • (2017) Revisiting the Paxos Foundations. ACM SIGOPS Operating Systems Review 51:1, 67-71. DOI: 10.1145/3139645.3139656. Online publication date: 11 Sep 2017.
  • (2016) A generic Kerberos-based access control system for the cloud. Annals of Telecommunications 71:9-10, 555-567. DOI: 10.1007/s12243-016-0534-7. Online publication date: 6 Jul 2016.
  • (2015) A novel evaluation criteria to cloud based access control models. Proceedings of the 2015 11th International Conference on Innovations in Information Technology (IIT), 68-73. DOI: 10.1109/INNOVATIONS.2015.7381517. Online publication date: 1 Nov 2015.
